Title: OpenBSD Pipe VFS Race Condition Denial Of Service Vulnerability
Severity: MODERATE
Description:
OpenBSD is a BSD based operating system maintained and distributed by the OpenBSD project. OpenBSD has been designed as a secure implementation of the BSD Operating System, and offers numerous security features.
A problem within the kernel makes it possible for a local user to cause a kernel panic. This problem can be exploited to cause a Denial of Service attack against legitimate users of the system.
The problem involves the handling of pipes by the kernel. During normal operations, a thread within a process using a pipe between two files does so by creating two file descriptors in the file descriptor table.
Once the thread has created the two file descriptors, it is possible for another thread from within the same process to set one of the file descriptors within the file descriptor table to null. In doing so, when the other thread attempts to dereference the file descriptor, a kernel panic occurs, causing the system to halt operation.
Affected Products:
- OpenBSD OpenBSD 2.6.0
- OpenBSD OpenBSD 2.7.0
- OpenBSD OpenBSD 2.8.0
- OpenBSD OpenBSD 2.9.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
