List: openbsd-security-announce
Subject: compat_ibcs2(8) privilege escalation (3.3) / kernel panic (3.4)
From: Henning Brauer <henning () openbsd ! org>
Date: 2003-11-18 13:57:31
Georgi Guninski reported a stack overrun due to a missing bounds check
in the kernel's iBCS2 emulation. Another similar problem was also fixed
at the same time.

This issue only affects the i386 architecture.

On OpenBSD 3.3, this may result in arbitrary code execution and local user
privilege escalation.

On OpenBSD 3.4, ProPolice catches this, turning a potential privilege
escalation into a denial of service.

Fixes have been committed to the -stable cvs branches, and patches are
also available at
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/006_ibcs2.patch
and
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/011_ibcs2.patch