Custom Search
Thursday, November 20, 2003
Below is the reason for my latest OpenBSD 3.3 patching
adventure. Damn, I love the system, but I'm starting to
feel like I'm back running windoze! :-) Slight exaggeration,
to say the least, since OpenBSD is so secure by nature,
but I really hate patching systems. It's so easy for some
crap to go wrong, what with everything that's installed
on the system, but still, I hate to keep doing this crap
every week.
Description:
A vulnerability has been reported in OpenBSD, which
can be exploited by malicious, local users to escalate
their privileges or cause a DoS (Denial of Service).
The vulnerability is caused due to a boundary error in
"compat_ibcs2". This can be exploited by running a
specially crafted binary, which causes a buffer overflow.
Successful exploitation may allow execution of arbitrary
code with escalated privileges on OpenBSD 3.3. However,
exploitation is detected by ProPolice in OpenBSD 3.4 and
therefore only causes a DoS.
Solution:
Apply patch.
OpenBSD 3.4:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/i386/006
_ibcs2.patch
OpenBSD 3.3:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/i386/011
_ibcs2.patch
Reported by / credits:
Georgi Guninski
Original Advisory:
OpenBSD kernel overflow:
http://www.guninski.com/msuxobsd2.html
OpenBSD:
http://www.openbsd.org/errata.html#ibcs2
0 Comments:
Post a Comment
<< Home