CVE-2003-0955

OpenBSD 3.3-3.4 - Denial of Service and Possible Remote Code Execution via Invalid Program Header

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2003-0955. PoCs published by Sinan Eren, Scott Bartram.

AI-analyzed exploit summary This exploit targets a kernel stack overflow in OpenBSD's IBCS2 COFF binary compatibility layer (CVE-2003-0955). It crafts a malicious COFF file with an oversized .shlib section to trigger the overflow and execute shellcode for privilege escalation.

Description

OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Sinan Eren · clocalbsd
https://www.exploit-db.com/exploits/125

This exploit targets a kernel stack overflow in OpenBSD's IBCS2 COFF binary compatibility layer (CVE-2003-0955). It crafts a malicious COFF file with an oversized .shlib section to trigger the overflow and execute shellcode for privilege escalation.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: OpenBSD 2.x - 3.3 with IBCS2 enabled
No auth needed
Prerequisites: IBCS2 binary compatibility enabled · Ability to execute files on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb STUB VERIFIED
by Scott Bartram · clocalbsd
https://www.exploit-db.com/exploits/118

The provided code is a header file for IBCS2 executable formats (COFF and XENIX) and lacks exploit logic. It appears to be a truncated or incomplete snippet, missing the main exploit implementation.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: OpenBSD 3.4 (IBCS2 subsystem)
No auth needed
Prerequisites: Vulnerable OpenBSD 3.4 system with IBCS2 support
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Various Sources vendor-advisory x_refsource_openbsd
http://www.openbsd.org/errata33.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/8978
Exploit, Vendor Advisory x_refsource_misc
http://www.guninski.com/msuxobsd2.html

Scores

EPSS 0.0114
EPSS Percentile 62.5%

Details

Status published
Products (2)
openbsd/openbsd 3.3
openbsd/openbsd 3.4
Published Dec 15, 2003
Tracked Since Feb 18, 2026