CVE-2006-0098

Name of the Vulnerable Software and Affected Versions: OpenBSD versions 3.7 through 3.8

Description: The issue allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/. This is due to a problem in the dupfdopen function in sys/kern/kern descrip.c.

Recommendations: For OpenBSD versions 3.7 and 3.8, consider restricting access to setuid programs that utilize the /dev/fd/ path to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.