OpenBSD’s Todd Miller reports that an improper bounds check in the semget(2) system call can allow a local user to cause a kernel panic. No privilege escalation is possible; the attack simply runs the kernel out of memory. The bug was introduced in OpenBSD 3.3; previous versions of OpenBSD are unaffected. Earlier, Mike Frantzen committed “Passive operating system fingerprinting” to PF, which exposes the source host’s OS to the filter language.
I wonder if other BSDs (Free, Net, BSDi) are vulnerable?
Haven’t seen any security announcement on this.
> I wonder if other BSDs (Free, Net, BSDi) are vulnerable?
> Haven’t seen any security announcement on this.
I can say with 99% confidence that FreeBSD isn’t affected (as it doesn’t share any code with Net/OpenBSD) and 95% certainty that NetBSD isn’t affected as it shares only a tiny amount of code from when the two split.
Also, the exploit was introduced with 3.3 so it would be impossible for Free/Net to be affected unless they used code from this release. For example, OpenBSD uses some of NetBSD’s drivers, Net/Free-BSD use OpenBSD’s SSH, etc.
Hasn’t the OS fingerprinting feature been on osnews.com before?
And patch 002 is rather old already.
Do you mean announcements for FreeBSD, or OpenBSD? The announcement has been out for OpenBSD for quite a while.
This news about PF is old as well. It was announced on August 21, 2003 at http://www.deadly.org. However, it is always nice to see a liberal dose of OpenBSD news.
“I can say with 99% confidence that FreeBSD isn’t affected (as it doesn’t share any code with Net/OpenBSD) and 95% certainty that NetBSD isn’t affected as it shares only a tiny amount of code from when the two split.”
*Sigh*
And I was so hoping that I wasn’t going to read anything so stupid today as your post. I suggest that you take a casual look through the source code for the three (FreeBSD, NetBSD and OpenBSD) and see just how much code that they “do not” share with each other. I am 99% sure that you’ll be surprised. I am, however, only 1% sure that you’ll do it.
For one of the most secure OSes, a security problem is important. And the users must know about the problem and patch the system. That is the reason why it is published on osnews.
Sorry for my English.