search menu icon-carat-right cmu-wordmark

CERT Coordination Center

OpenBSD kernel fails to properly check closed file descriptors "0-2" when running setuid program

Vulnerability Note VU#314963

Original Release Date: 2002-05-24 | Last Revised: 2002-12-12

Overview

The OpenBSD kernel does not adequately check file descriptors 0-2 prior to exec()ing setuid binaries. Other OS kernels may be vulnerable as well.

Description

The OpenBSD kernel does not adequately check file descriptors 0-2 prior to exec()ing setuid binaries. As a result, an attacker may be able to gain elevated privileges.

Impact

A local attacker can gain root privileges.

Solution

Apply a patch from your vendor.

OpenBSD patches are available from:

OpenBSD Patch 026_fdalloc2.patch:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/026_fdalloc2.patch

OpenBSD 3.0:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/021_fdalloc2.patch

OpenBSD 3.1:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/003_fdalloc2.patch

Vendor Information

314963
 

View all 26 vendors View less vendors


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This document was written by Ian A. Finlay.

Other Information

CVE IDs: None
Severity Metric: 29.53
Date Public: 2002-05-09
Date First Published: 2002-05-24
Date Last Updated: 2002-12-12 16:00 UTC
Document Revision: 26

Sponsored by CISA.