CVE-2001-1559

MEDIUM

OpenBSD 2.9-3.0 - Denial of Service via uipc System Calls

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1559. PoCs published by Marco Peereboom.

AI-analyzed exploit summary This exploit triggers a local denial-of-service (DoS) in OpenBSD by attempting to pipe a NULL value, causing a kernel crash. The code is a minimal PoC demonstrating the vulnerability without additional malicious payloads.

Description

The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Marco Peereboom · cdosopenbsd
https://www.exploit-db.com/exploits/21167

This exploit triggers a local denial-of-service (DoS) in OpenBSD by attempting to pipe a NULL value, causing a kernel crash. The code is a minimal PoC demonstrating the vulnerability without additional malicious payloads.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: OpenBSD (versions affected by CVE-2001-1559)
No auth needed
Prerequisites: Local user access on the target OpenBSD system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Broken Link vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/7690.php
Broken Link, Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-12/0014.html
Broken Link, Exploit mailing-list x_refsource_mlist
http://monkey.org/openbsd/archive/tech/0112/msg00015.html

Scores

CVSS v3 5.5
EPSS 0.0148
EPSS Percentile 70.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (2)
openbsd/openbsd 2.9
openbsd/openbsd 3.0
Published Dec 31, 2001
Tracked Since Feb 18, 2026