Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

OpenBSD compat_ibcs2 Buffer Overflow Vulnerability

Nov 18, 2003 12:11AM PST

Critical: Less critical
Impact: Privilege escalation
DoS

Where: Local system



OS: OpenBSD 3.x




Description:
A vulnerability has been reported in OpenBSD, which can be exploited by malicious, local users to escalate their privileges or cause a DoS (Denial of Service).

The vulnerability is caused due to a boundary error in "compat_ibcs2". This can be exploited by running a specially crafted binary, which causes a buffer overflow.

Successful exploitation may allow execution of arbitrary code with escalated privileges on OpenBSD 3.3. However, exploitation is detected by ProPolice in OpenBSD 3.4 and therefore only causes a DoS.


Solution:
Apply patch.

http://www.secunia.com/advisories/10246/

Discussion is locked