Vigil@nce - OpenBSD: denial of service via sys_execve()
August 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate a fatal error in sys_execve() of OpenBSD,
in order to trigger a denial of service.
Impacted products: OpenBSD.
Severity: 2/4.
Creation date: 15/06/2015.
DESCRIPTION OF THE VULNERABILITY
The OpenBSD uses the ELF format for executable programs.
The ELF header states the size of the memory areas of the future
process and the requirements for their alignment. However, the
OpenBSD kernel does not handle some invalid values for the
alignment. Such an invalid case leads to a kernel panic and so to
host freeze.
An attacker can therefore launch an ELF program with an ill formed
ELF header under of OpenBSD, in order to trigger a denial of
service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenBSD-denial-of-service-via-sys-execve-17135