Vulnerability Name:

CVE-2001-1047 (CCN-6660)

Assigned:2001-06-02
Published:2001-06-02
Updated:2017-12-19
Summary:Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork.
CVSS v3 Severity:2.9 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:1.2 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
1.2 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: BugTraq Mailing List, Sat Jun 02 2001 - 18:00:08 CDT
Locally exploitable races in OpenBSD VFS

Source: MITRE
Type: CNA
CVE-2001-1047

Source: BUGTRAQ
Type: UNKNOWN
20010602 Locally exploitable races in OpenBSD VFS

Source: BID
Type: Vendor Advisory
2817

Source: CCN
Type: BID-2817
OpenBSD Dup2 VFS Race Condition Denial Of Service Vulnerability

Source: BID
Type: Vendor Advisory
2818

Source: CCN
Type: BID-2818
OpenBSD Pipe VFS Race Condition Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
openbsd-dup2-race-dos(6660)

Source: XF
Type: UNKNOWN
openbsd-dup2-race-dos(6660)

Source: XF
Type: UNKNOWN
openbsd-pipe-race-dos(6661)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:openbsd:openbsd:2.6:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.7:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.8:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.9:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:openbsd:openbsd:2.6:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.7:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.8:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.9:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2001-1047 (CCN-6661)

    Assigned:2001-06-02
    Published:2001-06-02
    Updated:2017-12-19
    Summary:Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork.
    CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
    Exploitability Metrics:Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Low
    CVSS v2 Severity:1.2 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): High
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    Vulnerability Type:CWE-Other
    Vulnerability Consequences:Denial of Service
    References:Source: CCN
    Type: BugTraq Mailing List, Sat Jun 02 2001 - 18:00:08 CDT
    Locally exploitable races in OpenBSD VFS

    Source: MITRE
    Type: CNA
    CVE-2001-1047

    Source: CCN
    Type: BID-2817
    OpenBSD Dup2 VFS Race Condition Denial Of Service Vulnerability

    Source: CCN
    Type: BID-2818
    OpenBSD Pipe VFS Race Condition Denial Of Service Vulnerability

    Source: XF
    Type: UNKNOWN
    openbsd-pipe-race-dos(6661)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:openbsd:openbsd:2.6:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.7:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.8:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.9:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    openbsd openbsd 2.6
    openbsd openbsd 2.7
    openbsd openbsd 2.8
    openbsd openbsd 2.9
    openbsd openbsd 2.6
    openbsd openbsd 2.7
    openbsd openbsd 2.8
    openbsd openbsd 2.9
    openbsd openbsd 2.6
    openbsd openbsd 2.7
    openbsd openbsd 2.8
    openbsd openbsd 2.9