OpenBSD Kernel Bug in getrlimit() Function May Let Local Users Crash the System

SecurityTracker Alert ID: 1005553
SecurityTracker URL: http://securitytracker.com/id/1005553
CVE Reference: GENERIC-MAP-NOMATCH
Date: Nov 7 2002
Impact: Denial of service via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): OpenBSD 3.0, 3.1

Description:
A denial of service vulnerability was reported in the OpenBSD getrlimit(2) system call. A local user may be able to crash the system.
It is reported that a local user can make a getrlimit(2) system call with specially crafted arguments to cause the kernel to crash. This is due to incorrect argument limits.

Impact:
A local user can crash the kernel.

Solution:
The vendor has released the following kernel patches:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/018_kernresource.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/035_kernresource.patch

Vendor URL: www.openbsd.org/

Cause:
Input validation error

Underlying OS:

Message History:
None.

Source Message Contents

Date: Wed, 06 Nov 2002 21:47:13 -0500
Subject: OpenBSD getrlimit2 kernel bug
SECURITY FIX: November 6, 2002
Incorrect argument checking in the getrlimit(2) system call may allow an attacker to crash
the kernel.
A source code patch exists which remedies the problem:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/018_kernresource.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/035_kernresource.patch