Vulnerability Note VU#358960
BSD i386_set_ldt syscall does not appropriately validate call gate targets
There are a set of kernel interfaces called "call gates" which are code primitives used to build system-level calls into an operating system's kernel. A subset of these "calls gates" may be able to be manipulated on some operating systems which use improper privilege checking when accessing local descriptor tables (LDTs)
Of specific concern is the syscall "i386_set_ldt" , which accesses a call gate without first validating whether a ring transition to a more privileged segment in the LDT is appropriate.
Of special note is an observation shared in the NetBSD security advisory on this issue:
A user with access to a local account may gain privileges reserved for the kernel.
Apply kernel patches provided by your vendor.
The fix to NetBSD [for example]:
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|NetBSD||Affected||16 Jan 2001||16 Feb 2001|
|OpenBSD||Affected||19 Jan 2001||02 Mar 2001|
CVSS Metrics (Learn More)
This was initially reported by Bill Sommerfeld.
This document was written by Jeff S Havrilla
- CVE IDs: Unknown
- Date Public: 16 Feb 2001
- Date First Published: 16 Feb 2001
- Date Last Updated: 02 Mar 2001
- Severity Metric: 7.12
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.