CVE-2006-5218 - Local Integer Overflow vulnerability in OpenBSD Systrace STRIOCREPLACE

CVSS 4.6 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: local, low complexity, netbsd, openbsd

Summary

Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl. A patch has been released for each affected product which addresses this vulnerability.

Vulnerable Configurations

Part  Description  Count
OS    Netbsd       1
OS    Openbsd      2