Description
The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.
References (4)
Core References
[Patch; x_refsource_confirm] ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/032_kerntime.patch
[Exploit, Patch, Vendor Advisory; vendor-advisory; x_refsource_openbsd] http://www.openbsd.org/plus32.html
[Patch, Vendor Advisory; vdb-entry; x_refsource_xf] http://www.iss.net/security_center/static/10278.php
[Patch, Vendor Advisory; vdb-entry; x_refsource_bid] http://www.securityfocus.com/bid/5861
Scores
EPSS: 0.0014
EPSS Percentile: 34.3%
Details
Status: published
Products (12)
openbsd/openbsd: 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9
... and 2 more
Published: Dec 31, 2002
Tracked Since: Feb 18, 2026