CVE-2001-0268
NetBSD < 1.5 and OpenBSD < 2.8 - Privilege Escalation via i386_set_ldt Call Gate Target Validation
Title source: llmDescription
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.
References (8)
Core 8
Core References
Third Party Advisory vendor-advisory
x_refsource_caldera
http://archives.neohapsis.com/archives/linux/caldera/2001-q4/0014.html
Patch, Vendor Advisory vendor-advisory
x_refsource_netbsd
http://archives.neohapsis.com/archives/netbsd/2001-q1/0093.html
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/358960
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6222
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/2739
Various Sources vendor-advisory
x_refsource_openbsd
http://www.openbsd.org/errata.html#userldt
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-02/0353.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/6141
Scores
EPSS
0.0016
EPSS Percentile
36.2%
Details
Status
published
Products (2)
netbsd/netbsd
< 1.5
openbsd/openbsd
< 2.8
Published
May 03, 2001
Tracked Since
Feb 18, 2026