Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| OpenBSD Semaphore Integer Overflow Lets Local Root Users Bypass 'securelevel()' Access Controls |
|---|
Categorie: Vulnerability
Posted: 2003-09-12 by ReCall
Views: 420
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: An integer overflow vulnerability was reported in the OpenBSD kernel. A local user with root privileges may be able to bypass 'securelevel(7)' access controls and write to kernel memory.
It is reported that there is an integer overflow in the semget(2) system call (src/sys/kern/sysv_sem.c). A local user with root privileges can write to certain kernel memory locations regardless of the securelevel(7) controls.
A local user with root privileges can reportedly set the 'seminfo.semmns' and 'seminfo.semmsl' variables to arbitrary values via sysctl(), causing a buffer to be incorrectly malloc'd.
Impact: A local user with root privileges may be able to bypass securelevel() access controls and write to kernel memory locations.
Solution: The vendor has released a fix in the -STABLE and -CURRENT versions (available via CVS).
Also, the following patch for the 3.3 kernel is available:
http://www.openbsd.org/cgi-bin/cvsweb.cgi/src/sys/kern/sysv_sem.c
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=422
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
