OpenBSD semctl / semop Local Overflow DoS

2003-11-21T02:47:42
ID OSVDB:2871
Type osvdb
Reporter OSVDB
Modified 2003-11-21T02:47:42

Description

Vulnerability Description

A local overflow exists in two OpenBSD functions. The system fails to properly sanity check the semctl and semop system functions when a user-supplied semaphore set is handled. With a simple program, an attacker can cause a kernel panic and crash the system.

Solution Description

Install the 008_sem.patch provided by OpenBSD. A patch is required as there are no known workarounds.

Short Description

A local overflow exists in two OpenBSD functions. The system fails to properly sanity check the semctl and semop system functions when a user-supplied semaphore set is handled. With a simple program, an attacker can cause a kernel panic and crash the system.

References:

Vendor Specific Solution URL: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/008_sem.patch Vendor Specific Advisory URL Secunia Advisory ID:10309 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-11/0260.html ISS X-Force ID: 13811 Bugtraq ID: 9086