CVE-2003-0955

Severity

46%

Complexity

39%

Confidentiality

106%

OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow.

OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

OpenBSD

First reported 21 years ago

2003-12-15 05:00:00

Last updated 8 years ago

2016-10-18 02:38:00

Affected Software

OpenBSD 3.3

3.3

OpenBSD 3.4

3.4

References

20031105 005: RELIABILITY FIX: November 4, 2003

Patch

20031104 OpenBSD kernel overflow, yet still *BSD much better than windows

http://marc.info/?l=openbsd-security-announce&m=106808820119679&w=2

http://marc.info/?l=openbsd-security-announce&m=106917441524978&w=2

http://www.guninski.com/msuxobsd2.html

Exploit, Vendor Advisory

20031104 010: RELIABILITY FIX: November 4, 2003

8978

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.