CVE-2002-0766
OpenBSD 2.9-3.1 - Denial of Service and Privilege Escalation via File Descriptor Exhaustion
Title source: llmDescription
OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor.
References (7)
Core 7
Core References
Various Sources vendor-advisory
x_refsource_openbsd
http://www.openbsd.org/errata.html#fdalloc2
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/271702
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9048.php
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/314963
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5715
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4708
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5114
Scores
EPSS
0.0018
EPSS Percentile
38.6%
Details
Status
published
Products (3)
openbsd/openbsd
2.9
openbsd/openbsd
3.0
openbsd/openbsd
3.1
Published
Aug 12, 2002
Tracked Since
Feb 18, 2026