[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FW: [Full-Disclosure] yet another OpenBSD kernel hole ...
On Tue, Nov 18, 2003 at 10:04:04AM -0500, josh wrote:
> Schamil Wackenhut wrote...
> > * Dries Schellekens wrote:
> > > Anyone succeeded in succesfully exploiting this on 3.3 or lower?
> > 3.3 default install is exploitable.
> As is 3.3-stable.
Not anymore at the time of your writing. Since quite a few hours.
Module name: src
Changes by: email@example.com 2003/11/17 15:50:16
sys/compat/ibcs2: Tag: OPENBSD_3_3 ibcs2_exec.c
Pull patch from -current:
Fix by tedu@
add a missing bounds check that allowed a stack overrun. reported by
Georgi Guninski. also prevent an int overflow. ok millert@
Art is either plagiarism or revolution.
-- Paul Gauguin