Below is the reason for my latest OpenBSD 3.3 patching
adventure. Damn, I love the system, but I'm starting to
feel like I'm back running windoze! :-) Slight exaggeration,
to say the least, since OpenBSD is so secure by nature,
but I really hate patching systems. It's so easy for some
crap to go wrong, what with everything that's installed
on the system, but still, I hate to keep doing this crap.

A vulnerability has been reported in OpenBSD, which
can be exploited by malicious, local users to escalate
their privileges or cause a DoS (Denial of Service).
The vulnerability is caused due to a boundary error in
"compat_ibcs2". This can be exploited by running a
specially crafted binary, which causes a buffer overflow.
Successful exploitation may allow execution of arbitrary
code with escalated privileges on OpenBSD 3.3. However,
exploitation is detected by ProPolice in OpenBSD 3.4 and
therefore only causes a DoS.
Reported by / credits:
OpenBSD kernel overflow: