SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Join our Affiliate Program
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  OS (UNIX)  >  OpenBSD Kernel Vendors:  OpenBSD
OpenBSD semget() Boundary Overflow Bug Lets Local Users Crash the System
SecurityTracker Alert ID:  1007543
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 20 2003
Impact:  Denial of service via local system
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): OpenBSD 3.3
Description:  A vulnerability was reported in the OpenBSD operating system in the semget(2) system call. A local user can trigger a kernel panic.

It is reported that the semget(2) system call does not properly validate the bounds of user-supplied input. A local user can make a specially crafted call to cause the function to consume all available kernel memory, resulting in a kernel panic.

The vendor reports that the vulnerable code was introduced into OpenBSD version 3.3. Previous versions are not affected, the report said.

The vendor credits blexim for discovering and reporting the flaw.
Impact:  A local user can cause a kernel panic.
Solution:  The vendor has issue a fixed in the OpenBSD-current and 3.3 stable branches. A patch is also available for OpenBSD 3.3:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch
Vendor URL:  www.openbsd.org/ (Links to External Site)
Cause:  Boundary error, Resource error
Underlying OS:  UNIX (OpenBSD)
OS Comments:  OpneBSD 3.3 only
Reported By:  "Todd C. Miller" <Todd.Miller@courtesan.com>
Message History:   None.

 Source Message Contents
Date:  Wed, 20 Aug 2003 14:29:04 -0600
From:  "Todd C. Miller" <Todd.Miller@courtesan.com>
Subject:  OpenBSD 3.3: improper kernel bounds check

 

An improper bounds check in the semget(2) system call can allow a
local user to cause a kernel panic.  No privilege escalation is
possible, the attack simply runs the kernel out of memory.  The bug
was introduced in OpenBSD 3.3, previous versions of OpenBSD are
unaffected.

The bug has been fixed in OpenBSD-current as well as the 3.3 stable
branch.  In addition, a patch is available for OpenBSD 3.3:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch

Credit goes to blexim for finding and reporting the problem.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC