What is the severity of CVE-2001-0268?

CVE-2001-0268 has a critical severity rating due to its potential to allow local users to gain root privileges.

How do I fix CVE-2001-0268?

To fix CVE-2001-0268, users should upgrade to a version of OpenBSD later than 2.8 or NetBSD later than 1.5, where this vulnerability is patched.

What does CVE-2001-0268 exploit?

CVE-2001-0268 exploits the lack of validation on a call gate target in the i386_set_ldt system call.

Can CVE-2001-0268 be exploited remotely?

No, CVE-2001-0268 requires local access to the system to exploit the vulnerability.

Vulnerability/
CVE-2001-0268

high

7.2

CWE

NVD-CWE-Other

3/5/2001

7/5/2001

8/8/2024

CVE-2001-0268

Q: Who is affected by CVE-2001-0268?

CVE-2001-0268 affects local users of NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier when the USER_LDT kernel option is enabled.

First published: Thu May 03 2001(Updated: )

The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
OpenBSD	<=2.8
NetBSD current	<=1.5

Remedy

http://archives.neohapsis.com/archives/netbsd/2001-q1/0093.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2001-0268?
CVE-2001-0268 has a critical severity rating due to its potential to allow local users to gain root privileges.
How do I fix CVE-2001-0268?
To fix CVE-2001-0268, users should upgrade to a version of OpenBSD later than 2.8 or NetBSD later than 1.5, where this vulnerability is patched.
Who is affected by CVE-2001-0268?
CVE-2001-0268 affects local users of NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier when the USER_LDT kernel option is enabled.
What does CVE-2001-0268 exploit?
CVE-2001-0268 exploits the lack of validation on a call gate target in the i386_set_ldt system call.
Can CVE-2001-0268 be exploited remotely?
No, CVE-2001-0268 requires local access to the system to exploit the vulnerability.

agent/references
agent/type
agent/first-publish-date
agent/severity
agent/weakness
agent/author
agent/remedy
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/openbsd
canonical/openbsd
version/openbsd/2.8
vendor/netbsd
canonical/netbsd current
version/netbsd current/1.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.