Info
Last Modified: 7 months ago

Description
Certain BSD-derived kernels contain a flaw that may allow a local denial of service. The issue is triggered when a malicious user sends signals to arbitrary processes via certain ioctl and fcntl system calls to interrupt or kill processes, resulting in loss of availability for the service or platform.

Classification
Location: Local Access Required
Attack Type: Denial of Service, Input Manipulation, Misconfiguration
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unavailable
Disclosure: OSVDB Verified

Technical
Surgical application of this vulnerability can be used to compromise the system. For example, a process holding a bound address (NFS port 2049, for instance) can be killed off and its port stolen; this can be used to steal NFS file handles.

Solution
Upgrade to OpenBSD version 2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
For all other affected products, there are no known upgrades, patches, or workarounds available to correct this issue.

Products
BSD: 4.4
FreeBSD: Unknown or Unspecified
NetBSD: Unknown or Unspecified
OpenBSD: 2.1
IRIX: Unknown or Unspecified