CVE-2002-1420

Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=102918817012863&w=2
http://www.iss.net/security_center/static/9809.php	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/259787	US Government Resource
http://www.osvdb.org/7554
http://www.securityfocus.com/bid/5442	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:openbsd:openbsd:3.0:::::::*
	cpe:2.3:o:openbsd:openbsd:3.1:::::::*

History

No history.

Information

Published : 2003-04-11 04:00

Updated : 2016-10-18 02:27

NVD link : CVE-2002-1420

Mitre link : CVE-2002-1420

CVE.ORG link : CVE-2002-1420

JSON object : View

Products Affected

openbsd

openbsd

CWE

NVD-CWE-Other

{"id": "CVE-2002-1420", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-04-11T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=102918817012863&w=2", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/9809.php", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/259787", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/7554", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5442", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation."}, {"lang": "es", "value": "Error de falta de signo en entero en select() de OpenBSD 3.1 y anteriores permite a usuarios locales sobreescribir memoria del kernel arbitraria mediante un valor negativo en el par\u00e1metro de tama\u00f1o, que satisface la comprobaci\u00f3n de l\u00edmites de entero con signo, pero que es usado luego como un entero sin signo durante una operaci\u00f3n de copia de datos."}], "lastModified": "2016-10-18T02:27:00.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60DA30A1-3360-46BC-85B7-008D535F95BE"}, {"criteria": "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA33E7E2-DE7B-411E-8991-718DA0988C51"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.2 /10