SB2018083001 - Denial of service vulnerabilities in OpenBSD
Published: August 30, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Improper access control (CVE-ID: CVE-2018-14775)
The vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists due to access control flaw in tss_alloc() in 'sys/arch/i386/i386/gdt.c'. A local attacker can run a specially crafted application and cause the system to crash.
2) Improper input validation (CVE-ID: N/A)
The vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists due to a flaw in elf_load_file() in OpenBSD Kernel. A local attacker can execute a specially crafted ELF binary and cause a kernel panic.
Remediation
Install update from vendor's website.
References
- https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/020_ioport.patch.sig
- https://ftp.openbsd.org/pub/OpenBSD/patches/6.3/common/015_ioport.patch.sig
- https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/018_execsize.patch.sig
- https://ftp.openbsd.org/pub/OpenBSD/patches/6.3/common/012_execsize.patch.sig