Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0098

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2006-0098
Last Modified 05 Sep 2008 04:58:21
Published 06 Jan 2006 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-0098

Summary

The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/.

Vulnerable Systems

Operating System

  • Openbsd 3.7

  • Openbsd 3.8


References

BID - 16144

OPENBSD - [3.7] 20060105 008: SECURITY FIX: January 5, 2006

SECUNIA - 18296

MISC - ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/008_fd.patch

OSVDB - 22231

SECTRACK - 1015437


Last Updated: 27 May 2016 10:41:32