CERTA-2004-AVI-164
Vulnerability from certfr_avis

A vulnerability in the OpenBSD kernel allows a malicious user to access unauthorized data or cause a local denial of service.

Description

A memory overflow exists in the procfs code of the OpenBSD kernel. This vulnerability allows a malicious local user to compromise data confidentiality or cause a denial of service.

Solution

Apply the patch provided by OpenBSD, then recompile the OpenBSD kernel.

  • For OpenBSD 3.4:

    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/020_procfs.patch
    
  • For OpenBSD 3.5:

    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch
    
Impacted products
Vendor   Product  Description
OpenBSD  OpenBSD  OpenBSD 3.5.
OpenBSD  OpenBSD  OpenBSD 3.4 ;


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenBSD 3.5.",
      "product": {
        "name": "OpenBSD",
        "vendor": {
          "name": "OpenBSD",
          "scada": false
        }
      }
    },
    {
      "description": "OpenBSD 3.4 ;",
      "product": {
        "name": "OpenBSD",
        "vendor": {
          "name": "OpenBSD",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUn d\u00e9bordement de m\u00e9moire existe dans le code procfs du noyau OpenBSD.\nCette vuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur local mal intentionn\u00e9 de\nporter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es ou de r\u00e9aliser un d\u00e9ni\nde service.\n\n## Solution\n\nAppliquer le correctif fourni par OpenBSD puis recompiler le noyau\nOpenBSD.\n\n-   Pour la version OpenBSD 3.4 :\n\n        ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/020_procfs.patch\n\n-   Pour la version OpenBSD 3.5 :\n\n        ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch\n",
  "cves": [],
  "initial_release_date": "2004-05-13T00:00:00",
  "last_revision_date": "2004-05-13T00:00:00",
  "links": [],
  "reference": "CERTA-2004-AVI-164",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service local"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le noyau OpenBSD permet \u00e0 un utilisateur mal\nintentionn\u00e9 d\u0027avoir acc\u00e8s \u00e0 des donn\u00e9es non autoris\u00e9es ou de r\u00e9aliser un\nd\u00e9ni de service local.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du noyau OpenBSD",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 OpenBSD du 13 mai 2004",
      "url": "http://www.openbsd.org/errata34.html"
    }
  ]
}

