Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2002-2180
Last Modified: 05 Sep 2008 04:32:32
Published: 31 Dec 2002 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2002-2180

Summary

The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.

Vulnerable Systems

Operating System

  • OpenBSD 2.0
  • OpenBSD 2.1
  • OpenBSD 2.2
  • OpenBSD 2.3
  • OpenBSD 2.4
  • OpenBSD 2.5
  • OpenBSD 2.6
  • OpenBSD 2.7
  • OpenBSD 2.8
  • OpenBSD 2.9
  • OpenBSD 3.0
  • OpenBSD 3.1


References

BID - 5861

OPENBSD - 20021002 Incorrect argument checking in the setitimer(2) system call may allow an attacker to write to kernel memory.

XF - openbsd-setitimer-memory-overwrite(10278)

CONFIRM - ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/032_kerntime.patch


Last Updated: 27 May 2016 10:37:38