Security restrictions bypass in OpenBSD

Published: 2017-12-20 00:00:00
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVSSv2: 3.4 (AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
CVSSv3: 4.5 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE ID: N/A
CWE ID: CWE-284
Exploitation vector: Local
Public exploit: Not available
Vulnerable software: OpenBSD
Vulnerable software versions: OpenBSD 6.2
Vendor URL: OpenBSD
Advisory type: Public

Security Advisory

1) Security restrictions bypass

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to insufficient security checks in the fktrace(2) process tracing system call. A local attacker can make a specially crafted system call and bypass intended security restrictions.

Remediation

Install the update from the vendor's website.

External links

https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/002_fktrace.patch.sig
