Notified: January 16, 2001 Updated: February 16, 2001
Affected
NetBSD is vulnerable on x86 platforms only. Please see NetBSD-SA2001-002, "Vulnerability in x86 USER_LDT validation": ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2001-002.txt.asc
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 19, 2001 Updated: March 02, 2001
Affected
Please see OpenBSD 2.8 Errata 022: SECURITY FIX: Mar 2, 2001 at http://www.openbsd.com/errata.html#userldt The OpenBSD Project also released a security announcement on Mar 2 titled: "Vulnerability in USER_LDT i386 kernel option"
The vendor has not provided us with any further information regarding this vulnerability.
Some excerpts from the OpenBSD advisory: This USER_LDT kernel option is not in the OpenBSD kernel by default, and is only suggested for use by users running the WINE port. This option is not documented elsewhere. AFFECTED SYSTEMS OpenBSD/i386 does not use or document the USER_LDT option. Only users of the WINE port are instructed to enable this option. A patch for this option was commited to the source tree on January 19, 2001. RESOLUTION If you are using an OpenBSD kernel compiled with "option USER_LDT", apply the patch supplied at the bottom of this advisory and recompile your kernel.