OpenBSD Information for VU#358960

BSD i386_set_ldt syscall does not appropriately validate call gate targets

Status

Affected

Vendor Statement

Please see OpenBSD 2.8 Errata 022: SECURITY FIX: Mar 2, 2001 at

http://www.openbsd.com/errata.html#userldt

The OpenBSD Project also released a security announcement on Mar 2 titled: "Vulnerability in USER_LDT i386 kernel option"

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Some excerpts from the OpenBSD advisory:

This USER_LDT kernel option is not in the OpenBSD kernel by default, and is
only suggested for use by users running the WINE port. This option is not
documented elsewhere.

----------------------------------------------------------------------------

AFFECTED SYSTEMS

OpenBSD/i386 does not use or document the USER_LDT option. Only users of
the WINE port are instructed to enable this option.

A patch for this option was commited to the source tree on January 19, 2001.

----------------------------------------------------------------------------

RESOLUTION

If you are using an OpenBSD kernel compiled with "option USER_LDT", apply
the patch supplied at the bottom of this advisory and recompile your
kernel.

If you have feedback, comments, or additional information about this vulnerability, please send us email.