CVE-2006-0098

Severity

46%

Complexity

39%

Confidentiality

106%

The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/.

The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

OpenBSD

First reported 19 years ago

2006-01-06 11:03:00

Last updated 16 years ago

2008-09-05 20:58:00

Affected Software

OpenBSD 3.7

3.7

OpenBSD 3.8

3.8

References

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/008_fd.patch

Patch

18296

Patch, Vendor Advisory

1015437

[3.7] 20060105 008: SECURITY FIX: January 5, 2006

Patch

22231

16144

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.