• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

OpenBSD setitimer(2) Kernel Memory Overwrite Vulnerability

OpenBSD has reported a vulnerability in the 'setitimer(2)' system call. The vulnerability likely stems from an error in handling signed integers. Exploiting this vulnerability may allow local attackers to write to kernel memory and obtain root privileges.

Other BSD-based operating systems are likely vulnerable.