Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Netbsd | Netbsd | 3.0 (including) | 3.0 (including) |
| Openbsd | Openbsd | 3.8 (including) | 3.8 (including) |
| Openbsd | Openbsd | 3.9 (including) | 3.9 (including) |
References
- http://openbsd.org/errata.html#systrace
- http://scary.beasts.org/security/CESA-2006-003.html
- http://secunia.com/advisories/22324
- http://securitytracker.com/id?1017009
- http://www.osvdb.org/29570
- http://www.securityfocus.com/bid/20392
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29392
- http://openbsd.org/errata.html#systrace
- http://scary.beasts.org/security/CESA-2006-003.html
- http://secunia.com/advisories/22324
- http://securitytracker.com/id?1017009
- http://www.osvdb.org/29570
- http://www.securityfocus.com/bid/20392
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29392