Custom Search

Thursday, November 20, 2003

OpenBSD Patching

Below is the reason for my latest OpenBSD 3.3 patching adventure. Damn, I love the system, but I'm starting to feel like I'm back running windoze! :-) Slight exaggeration, to say the least, since OpenBSD is so secure by nature, but I really hate patching systems. It's so easy for some crap to go wrong, what with everything that's installed on the system, but still, I hate to keep doing this crap every week. Description: A vulnerability has been reported in OpenBSD, which can be exploited by malicious, local users to escalate their privileges or cause a DoS (Denial of Service). The vulnerability is caused due to a boundary error in "compat_ibcs2". This can be exploited by running a specially crafted binary, which causes a buffer overflow. Successful exploitation may allow execution of arbitrary code with escalated privileges on OpenBSD 3.3. However, exploitation is detected by ProPolice in OpenBSD 3.4 and therefore only causes a DoS. Solution: Apply patch. OpenBSD 3.4: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/i386/006 _ibcs2.patch OpenBSD 3.3: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/i386/011 _ibcs2.patch Reported by / credits: Georgi Guninski Original Advisory: OpenBSD kernel overflow: http://www.guninski.com/msuxobsd2.html OpenBSD: http://www.openbsd.org/errata.html#ibcs2