CVE-2001-1559

MEDIUM

OpenBSD <3.1 - DoS

Title source: llm

Description

The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Marco Peereboom · cdosopenbsd

https://www.exploit-db.com/exploits/21167

View Code ZIP pw:eip

References (3)

[Broken Link] http://www.iss.net/security_center/static/7690.php

[Broken Link, Exploit] http://archives.neohapsis.com/archives/bugtraq/2001-12/0014.html

[Broken Link, Exploit] http://monkey.org/openbsd/archive/tech/0112/msg00015.html

Scores

CVSS v3 5.5

EPSS 0.0038

EPSS Percentile 59.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (2)

openbsd/openbsd 2.9

openbsd/openbsd 3.0

Published Dec 31, 2001

Tracked Since Feb 18, 2026