Integer Overflow Vulnerability in Systrace for OpenBSD and NetBSD
CVE-2006-5218

Currently unrated

Key Information:

Vendor: OpenBSD
Status: OpenBSD; Netbsd
Vendor: CVE Published:; 10 October 2006

Summary

The systrace component in OpenBSD 3.9 and NetBSD 3 contains an integer overflow vulnerability in the systrace_preprepl function (STRIOCREPLACE). This flaw can be exploited by local users by providing large numeric arguments to the systrace ioctl, potentially leading to denial of service conditions, privilege escalation, or unauthorized access to arbitrary kernel memory.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/29392

vdb-entryx_refsource_XF

http://www.osvdb.org/29570

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/22324

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Oct 10, 2006
Vulnerability Reserved
Oct 9, 2006