Title: OpenBSD Dup2 VFS Race Condition Denial Of Service Vulnerability
Severity: MODERATE
Description:
OpenBSD is a BSD-based operating system maintained and distributed by the OpenBSD project. OpenBSD has been designed as a secure implementation of the BSD Operating System, and offers numerous security features.
A problem in the kernel could allow a local user to crash a vulnerable system. This is due to a design problem involving the rfork() and dup2() system calls.
Under normal conditions, the rfork() system call allows child processes to share the file descriptor table with their parent processes. The dup2() system call allows file descriptors to be copied between two processes.
The problem occurs in the finishdup() function, where a process may go to sleep while another process sharing the file descriptor table continues to run. The finishdup() function does not check whether the file descriptor is null before dereferencing it. Another process that runs while the process in finishdup() is asleep can therefore set the file descriptor to null. When the process in finishdup() wakes from sleep, it could dereference the file descriptor that has already been set to null, causing a kernel panic.
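The check-after-sleep pattern described above, as an added user-space model that is not OpenBSD kernel source. The structures, function names and the sleep hook are hypothetical stand-ins, and the peer's action is a constructed scenario.

```c
#include <errno.h>
#include <stddef.h>

#define NFILES 8

struct file { int f_count; };                     /* reference-counted open file */
struct fdtable { struct file *ofiles[NFILES]; };  /* table shared by parent and child */

/* Stand-in for a kernel sleep: whatever a table-sharing process does meanwhile. */
typedef void (*sleep_hook)(struct fdtable *);

void peer_idle(struct fdtable *t) { (void)t; }
void peer_closes_fd3(struct fdtable *t) { t->ofiles[3] = NULL; }  /* constructed scenario */

/* Pattern the advisory describes: the slot is used after the sleep with no null check. */
int dup_unchecked(struct fdtable *t, int oldfd, int newfd, sleep_hook may_sleep)
{
    may_sleep(t);
    struct file *fp = t->ofiles[oldfd];
    fp->f_count++;                  /* null dereference if the peer cleared the slot */
    t->ofiles[newfd] = fp;
    return 0;
}

/* Hardened form: bounds-check, then re-read and validate the slot after the sleep. */
int dup_checked(struct fdtable *t, int oldfd, int newfd, sleep_hook may_sleep)
{
    if (oldfd < 0 || oldfd >= NFILES || newfd < 0 || newfd >= NFILES)
        return EBADF;
    may_sleep(t);
    struct file *fp = t->ofiles[oldfd];
    if (fp == NULL)                 /* slot was cleared while we slept */
        return EBADF;
    fp->f_count++;
    t->ofiles[newfd] = fp;
    return 0;
}

int main(void)
{
    struct file f = { 1 };
    struct fdtable t = { { NULL } };
    t.ofiles[3] = &f;
    /* The peer clears slot 3 during the sleep; the checked path fails cleanly. */
    return dup_checked(&t, 3, 5, peer_closes_fd3) == EBADF ? 0 : 1;
}
```

In a real kernel the validation must also be paired with locking or a held reference, since any further sleep between the check and the use reopens the same window.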
Affected Products:
- OpenBSD OpenBSD 2.6.0
- OpenBSD OpenBSD 2.7.0
- OpenBSD OpenBSD 2.8.0
- OpenBSD OpenBSD 2.9.0