Contributed by Dengue on from the never-trust-the-users dept.
http://security-protocols.com/article.php?sid=1239

Patch 003 fixes this condition in OpenBSD 3.1, and Patch 021 fixes this condition in OpenBSD 3.0. See errata.html for more details.
"On current OpenBSD systems, any local user (being or not in the wheel group) can fill the kernel file descriptors table, leading to a denial of service. Because of a flaw in the way the kernel checks closed file descriptors 0-2 when running a setuid program, it is possible to combine these bugs and earn root access by winning a race condition.
The following is research material from FozZy from Hackademy and Hackerz Voice newspaper (http://www.hackerzvoice.org) and can be distributed modified or not if proper credits are given to them. For educational purposes only, no warranty of any kind, I may be wrong, this post could kill your mail reader, etc."
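
A userland hardening step that privileged programs can take against being started with descriptors 0-2 closed, shown as an added example; it is not code from the advisory or from the OpenBSD patches. The helper names `fd_is_open` and `sanitize_stdio_fds` are hypothetical, and the code assumes `/dev/null` exists.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: 1 if fd is an open descriptor, 0 if it is closed. */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}

/*
 * Hypothetical helper for the start of a privileged program.
 * open() returns the lowest free descriptor, so opening /dev/null until
 * the result is above 2 fills any hole in 0-2 that the caller left closed.
 * Returns 0 when 0, 1 and 2 are all open, -1 when that cannot be guaranteed.
 */
int sanitize_stdio_fds(void)
{
    int fd;

    do {
        fd = open("/dev/null", O_RDWR);
        if (fd == -1)
            return -1;   /* e.g. ENFILE/EMFILE: table full, fail closed */
    } while (fd <= 2);

    close(fd);           /* the first descriptor above 2 was only a probe */
    return 0;
}

int main(void)
{
    /* Run before opening any file or writing any diagnostic. */
    if (sanitize_stdio_fds() == -1)
        _exit(1);        /* no stderr to report to; do not continue */

    fprintf(stderr, "fds 0-2 open: %d %d %d\n",
            fd_is_open(0), fd_is_open(1), fd_is_open(2));
    return 0;
}
```

The early exit matters as much as the loop: when the descriptor table is full the helper cannot fill the holes, so the program stops instead of continuing with 0-2 unassigned.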