openbsd-select-bug.txt

Hi there, Recently a bug in the select syscall of openbsd was published. This text describes the details and the eventual exploitation of this bug. First of all let us look at the definition of select: int selectint nfds, fdset readfds, fdset writefds, fdset exceptfds, struct timeval timeout; The...

OpenBSD contains buffer overflow in "select" call

Overview A locally exploitable buffer overflow exists in all versions of OpenBSD. Description The buffer overflow exists in the select2 system call. The overflow occurs if select is supplied with arbitrary negative values. --- Impact Local users can gain system privileges and execute code in the...

Signed/unsigned conversion bug in OpenBSD select() call

By passing negative argument to select function it's possible to overwrite the fragment of kernel memory...

PT-1999-1082 · Netbsd · Netbsd

Name of the Vulnerable Software and Affected Versions: NetBSD affected versions not specified Description: A race condition exists between the select and accept calls in NetBSD TCP servers, allowing remote attackers to cause a denial of service. Recommendations: At the moment, there is no...