VYPR
Unrated severity · NVD Advisory · Published Dec 15, 2003 · Updated Jun 16, 2026

CVE-2003-0955

Description

OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • OpenBSD/OpenBSD (2 versions)
    • cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
  • Red Hat/Kernel (llm-fuzzy)
    Range: = 3.3, 3.4

Vulnerability mechanics

Root cause

"A stack-based buffer overflow occurs when handling invalid executable headers in the iBCS2 emulation or ELF execution."

Attack vector

A local user can craft a program with an invalid header. When this program is executed, the kernel's iBCS2 emulation or ELF loader improperly handles the header, leading to a stack-based buffer overflow. This overflow can cause a denial of service by crashing the kernel (kernel panic) and potentially allow for arbitrary code execution [ref_id=2].

Affected code

The vulnerability exists in `ibcs2_exec.c` and `exec_elf.c` within the OpenBSD kernel. Specifically, the issue arises from how the size of executable headers is read and processed, leading to a buffer overflow when handling malformed inputs [ref_id=2].

What the fix does

The patch modifies the `ibcs2_exec.c` file to correctly handle the size of the executable header. It ensures that the size read from the binary is not used to copy into a stack-based buffer without proper bounds checking, thus preventing the overflow vulnerability [ref_id=2].
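The bounds-checking pattern described above, as an added example that is not OpenBSD's code or the patch itself: a header reader that validates a file-declared size against both the destination buffer and the bytes actually present before copying. The header layout, names, and limits (`demo_prefix`, `DEMO_HDR_MAX`, `read_header`, `check_case`) are hypothetical and do not reflect the real iBCS2 or ELF formats.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical on-disk prefix declaring how many header bytes follow it.
 * This is an illustration, not a real iBCS2 or ELF layout. */
struct demo_prefix {
    uint32_t magic;
    uint32_t hdr_size;   /* untrusted: read straight from the file */
};

#define DEMO_MAGIC   0x44454d4fu
#define DEMO_HDR_MAX 64u          /* capacity of the fixed destination buffer */

enum { HDR_OK = 0, HDR_TRUNCATED = -1, HDR_BAD_MAGIC = -2, HDR_TOO_LARGE = -3 };

/* Copy the variable-length header into a fixed buffer only after the
 * declared size has been checked against destination and source. */
static int read_header(const uint8_t *file, size_t file_len,
                       uint8_t out[DEMO_HDR_MAX], size_t *out_len)
{
    struct demo_prefix p;

    if (file_len < sizeof(p))
        return HDR_TRUNCATED;
    memcpy(&p, file, sizeof(p));            /* avoids unaligned access */
    if (p.magic != DEMO_MAGIC)
        return HDR_BAD_MAGIC;
    if (p.hdr_size > DEMO_HDR_MAX)          /* would overflow 'out' */
        return HDR_TOO_LARGE;
    if (p.hdr_size > file_len - sizeof(p))  /* would read past the file */
        return HDR_TRUNCATED;
    memcpy(out, file + sizeof(p), p.hdr_size);
    *out_len = p.hdr_size;
    return HDR_OK;
}

/* Build a constructed file image (payload <= 248 bytes) and parse it. */
static int check_case(uint32_t declared, size_t payload)
{
    uint8_t img[256] = {0}, hdr[DEMO_HDR_MAX];
    struct demo_prefix p = { DEMO_MAGIC, declared };
    size_t n = 0;

    memcpy(img, &p, sizeof(p));
    return read_header(img, sizeof(p) + payload, hdr, &n);
}
```

The two size checks are separate on purpose: the first protects the stack buffer, the second protects against a header that claims more data than the file contains.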

Preconditions

  • auth: The attacker must have local user access to the affected system.
  • input: The attacker must be able to execute a specially crafted program with an invalid header.

Reproduction

The provided reference [ref_id=1] includes C code that creates a malicious executable file and then attempts to execute it, demonstrating the vulnerability. The reference [ref_id=2] also contains exploit code.

Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

7
