[32477] in bugtraq
Re: OpenBSD kernel holes ...
daemon@ATHENA.MIT.EDU (Steve Tornio)
Tue Nov 18 16:46:06 2003
Date: Tue, 18 Nov 2003 14:19:22 -0600
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v552)
Cc: bugtraq@securityfocus.com
To: noir@uberhax0r.net
From: Steve Tornio <steve@vitriol.net>
In-Reply-To: <Pine.GSO.4.44.0311181334410.824-200000@sodom.uberhax0r.net>
Message-Id: <7EFB376E-1A04-11D8-9906-000393C92756@vitriol.net>
Content-Transfer-Encoding: 7bit
<snip>
> from http://www.wideopenbsd.org/errata.html
>
> All architectures
>
> 005: RELIABILITY FIX: November 4, 2003
> It is possible for a local user to cause a system panic by
> executing
> a specially crafted binary with an invalid header.
> A source code patch exists which remedies the problem.
>
>
> reliability ??? ehh ;-P yeah yeah right!
>
um, that's the wrong errata entry. For 3.4 -
006: SECURITY FIX: November 17, 2003
It may be possible for a local user to overrun the stack in
compat_ibcs2(8).
ProPolice catches this, turning a potential privilege escalation into
a denial of service. iBCS2 emulation does not need to be enabled via
sysctl(8) for this to happen.
A source code patch exists which remedies the problem.
Taken from http://www.openbsd.org/security.html#34
