Vulnerability Name:

CVE-2006-5218 (CCN-29392)

Assigned:2006-10-07
Published:2006-10-07
Updated:2017-07-20
Summary:Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl.
A patch has been released for each affected product which addresses this vulnerability.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2006-5218

Source: CCN
Type: NetBSD-SA2006-024
systrace(4) integer overflow

Source: OPENBSD
Type: Patch
[3.9] 20061007 014: SECURITY FIX: October 7, 2006

Source: MISC
Type: Exploit
http://scary.beasts.org/security/CESA-2006-003.html

Source: CCN
Type: SA22324
OpenBSD systrace "systrace_preprepl()" Integer Overflow Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
22324

Source: CCN
Type: SECTRACK ID: 1017009
BSD UNIX systrace STRIOCREPLACE Integer Overflow Lets Local Users Obtain Elevated Privileges

Source: SECTRACK
Type: Patch
1017009

Source: CCN
Type: OpenBSD 3.9 errata
014: SECURITY FIX: October 7, 2006

Source: CCN
Type: OpenBSD 3.8 errata
019: SECURITY FIX: October 7, 2006

Source: OSVDB
Type: UNKNOWN
29570

Source: CCN
Type: OSVDB ID: 29570
Multiple BSD systrace systrace_preprepl() Function Overflow

Source: BID
Type: Patch
20392

Source: CCN
Type: BID-20392
OpenBSD Systrace STRIOCREPLACE Local Integer Overflow Vulnerability

Source: XF
Type: UNKNOWN
openbsd-systracepreprepl-integer-overflow(29392)

Source: XF
Type: UNKNOWN
openbsd-systracepreprepl-integer-overflow(29392)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:netbsd:netbsd:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:3.8:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:3.9:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:netbsd:netbsd:current:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:3.8:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:3.9:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:3.0.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    netbsd netbsd 3.0
    openbsd openbsd 3.8
    openbsd openbsd 3.9
    netbsd netbsd current
    netbsd netbsd 2.0
    openbsd openbsd 3.8
    netbsd netbsd 2.1
    netbsd netbsd 2.0.3
    netbsd netbsd 3.0
    netbsd netbsd 2.0.1
    netbsd netbsd 2.0.2
    openbsd openbsd 3.9
    netbsd netbsd 3.0.1
    netbsd netbsd 2.0.4
    netbsd netbsd 3.0.2