Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.6
CVE Id CVE-2003-0955
Last Modified 10 Sep 2008 03:20:59
Published 15 Dec 2003 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0955

Summary

OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow.

Vulnerable Systems

Operating System

  • OpenBSD 3.3

  • OpenBSD 3.4


References

CONFIRM - http://marc.theaimsgroup.com/?l=openbsd-security-announce&m=106917441524978&w=2

OPENBSD - 20031105 005: RELIABILITY FIX: November 4, 2003

BID - 8978

OPENBSD - 20031104 010: RELIABILITY FIX: November 4, 2003

MISC - http://www.guninski.com/msuxobsd2.html

FULLDISC - 20031104 OpenBSD kernel overflow, yet still *BSD much better than windows

CONFIRM - http://marc.theaimsgroup.com/?l=openbsd-security-announce&m=106808820119679&w=2


Last Updated: 27 May 2016 10:38:06