Bugtraq mailing list archives
[no subject]
From: Theo de Raadt <deraadt () CVS OPENBSD ORG>
Date: Fri, 16 Feb 2001 01:22:55 -0700
Topic: Vulnerability in x86 USER_LDT validation. Version: All versions of NetBSD, on the i386 platform ONLY. Severity: Local users may execute code with system priveleges Fixed: NetBSD-current: January 16, 2001 NetBSD-1.5 branch: January 17, 2001 NetBSD-1.4 branch: January 17, 2001 [...] A subtle bug in validation of user-supplied arguments to a syscall can allow allow user applications on the i386 platform to transfer control to arbitrary addresses in kernel memory, bypassing normal system protections. [...] * OpenBSD has the same bug, in code inherited directly from NetBSD.
This last sentence is incorrect. OpenBSD does not have the needed option to enable this configured in any kernel or kernel configuration file we supply; the option is so poorly documented that noone would compile a kernel with it; no userland or kernel software that we know of at present requires it; and thus we are hardpressed to think of a user who might use it. This bug is `disabled'. (We disabled this feature a very very long time ago because ... well, nevermind, you've heard it before.) The problem was fixed at the same time as NetBSD fixed it; we even told them why it didn't apply to OpenBSD users, and are surprised that was left out of the advisory. Oh well. Anyways, it is fixed, and will affect noone. We don't think we're going to put an advisory up for it.
Current thread:
- [no subject] security-officer (Feb 16)
- [no subject] Theo de Raadt (Feb 16)
- Re: your mail Hannah Schröter (Feb 20)
- [no subject] Theo de Raadt (Feb 16)