Subject: Re: compat_ibcs2(8) privilege escalation (3.3) / kernel panic (3.4)

On Tue, Nov 18, 2003 at 02:57:31PM +0100, Henning Brauer wrote:
> Georgi Guninski reported a stack overrun due to a missing bounds check
> in the kernel's iBCS2 emulation. Another similar problem was also fixed
> at the same time.
>
> This issue only affects the i386 architecture.
>
> On OpenBSD 3.3, this may result in arbitrary code execution and local user
> privilege escalation.
>
> On OpenBSD 3.4, ProPolice catches this, turning a potential privilege
> escalation into a denial of service.
>
> Fixes have been committed to the -stable cvs branches, and patches are
> also available at
> ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/006_ibcs2.patch
> and
> ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/011_ibcs2.patch

Sorry, the paths are wrong in the initial mail. The correct ones are
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/i386/006_ibcs2.patch
and
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/i386/011_ibcs2.patch