OpenBSD IPSec getsockopt() Bug Lets Local Users Deny Service
|
|
SecurityTracker Alert ID: 1014210 |
|
SecurityTracker URL: http://securitytracker.com/id/1014210
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jun 16 2005
|
Impact:
Denial of service via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.6, 3.7
|
Description:
A vulnerability was reported in OpenBSD in ip_ctloutput(). A local user can cause denial of service conditions.
A local user can invoke getsockopt(2) to get ipsec(4) credentials for a socket to trigger a kernel panic.
The flaw resides in 'sys/netinet/ip_output.c' in the ip_ctloutput() function.
The vendor credits Stefan Miltchev with reporting this vulnerability.
|
Impact:
A local user can cause a kernel panic.
|
Solution:
The vendor has issued the following fixes.
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/002_getsockopt.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/017_getsockopt.patch
|
Vendor URL: www.openbsd.org/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 16 Jun 2005 01:26:55 -0400
Subject: [none]
|
> RELIABILITY FIX: June 15, 2005 All architectures
> As discovered by Stefan Miltchev calling getsockopt(2) to get ipsec(4) credentials
> for a socket can result in a kernel panic.
> A source code patch exists which remedies this problem.
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/002_getsockopt.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/017_getsockopt.patch
|
|
