TITLE:
OpenBSD Semaphore Limit Integer Overflow

SECUNIA ADVISORY ID:
SA9722

VERIFY ADVISORY:
http://www.secunia.com/advisories/9722/

CRITICAL:
Not critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
OpenBSD 3.x

DESCRIPTION:
A vulnerability has been identified in OpenBSD allowing a malicious
root user to escalate privileges.

The problem is that the "root" user may set the semaphore limit to a
high value, which causes an integer overflow. This could be exploited
to bypass the security level access control (securelevel) specified
at boot time.

SOLUTION:
A patch is available for OpenBSD 3.3:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/003_sysvsem.patch

This has been fixed in OpenBSD current.

ORIGINAL ADVISORY:
http://www.openbsd.org/errata.html#sysvsem

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web	: http://www.secunia.com/
E-mail	: support@secunia.com
Tel	: +45 7020 5144
Fax	: +45 7020 5145

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://www.secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org

----------------------------------------------------------------------