Posted by Bruno Luiz on Jun 14
Impact
A non-privileged user could cause a local Denial-of-Service (DoS) condition by triggering a kernel panic through a malformed ELF executable.
The kernel panic is reached in the UVM (virtual memory) subsystem. There are several if-else validations inside uvm_map(), and uvm_map_vmspace_update() is called in the last else block as follows:
sys/uvm/uvm_map.c:
if (flags & UVM_FLAG_FIXED) {
…
} else if (*addr != 0 && (*addr…