Local Privilege Escalation in NetBSD and OpenBSD with USER_LDT Option
CVE-2001-0268
What is CVE-2001-0268?
The i386_set_ldt system call in NetBSD 1.5 and earlier, and in OpenBSD 2.8 and earlier, is vulnerable when the kernel is built with the USER_LDT option. The call lets a local user install entries in the process's Local Descriptor Table (LDT) without sufficient checking of the descriptor contents, so a user can create a segment call gate whose target is an arbitrary kernel address. Invoking that gate transfers control into the kernel at the chosen address, which a local attacker can use to escalate privileges to root and gain unauthorized access to kernel memory and resources. The issue illustrates why system calls that accept hardware descriptors from user space must strictly validate the descriptor type and target before installing them.