Vulnerabilities > CVE-2003-0955 - Local Malformed Binary Execution Denial of Service vulnerability in Openbsd 3.3/3.4
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 |
Exploit-Db
description OpenBSD (ibcs2_exec) Kernel Local Exploit. CVE-2003-0955. Local exploit for bsd platform id EDB-ID:118 last seen 2016-01-31 modified 2003-11-07 published 2003-11-07 reporter Scott Bartram source https://www.exploit-db.com/download/118/ title OpenBSD ibcs2_exec Kernel Local Exploit description OpenBSD 2.x - 3.3 exec_ibcs2_coff_prep_zmagic() Kernel Exploit. CVE-2003-0955. Local exploit for bsd platform id EDB-ID:125 last seen 2016-01-31 modified 2003-11-19 published 2003-11-19 reporter Sinan Eren source https://www.exploit-db.com/download/125/ title OpenBSD 2.x - 3.3 exec_ibcs2_coff_prep_zmagic Kernel Exploit
References
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/005_exec.patch
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013315.html
- http://marc.info/?l=openbsd-security-announce&m=106808820119679&w=2
- http://marc.info/?l=openbsd-security-announce&m=106917441524978&w=2
- http://www.guninski.com/msuxobsd2.html
- http://www.openbsd.org/errata33.html
- http://www.securityfocus.com/bid/8978