PT-2006-5953 · Netbsd+1 · Netbsd+1

Chris Evans

Published

2006-10-09

Updated

2017-07-20

CVE-2006-5218

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenBSD version 3.9 NetBSD version 3

Description The issue is related to an integer overflow in the systrace preprepl function, specifically with the STRIOCREPLACE ioctl. This can be exploited by local users to cause a denial of service, potentially gain privileges, or read arbitrary kernel memory by providing large numeric arguments to the systrace ioctl.

Recommendations For OpenBSD version 3.9, update to a version that includes a fix for the integer overflow in the systrace preprepl function. For NetBSD version 3, update to a version that includes a fix for the integer overflow in the systrace preprepl function.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5218

Affected Products

Netbsd

Openbsd

PT-2006-5953 · Netbsd+1 · Netbsd+1

CVE-2006-5218

Related Identifiers

Affected Products

References · 8