Key Information Regarding the Vulnerability:

Registered Date:
- September 15, 1997

Vulnerability Description:
- A vulnerability in the 4.4BSD kernel allows unprivileged users to send certain signals to arbitrary processes on the system. Depending on the operating system and the targeted program, this may allow users to kill processes or disrupt the operation of certain programs.

Affected Systems:
- This vulnerability has been tested on all available 4.4BSD-based operating systems, including BSDI, NetBSD, OpenBSD, and FreeBSD, in their most recent release revisions.
- It also impacts SGI IRIX.

Technical Details:
- The vulnerability exists because the kernel does not check credentials when the recipient of I/O notification is set.
- BSD-based kernels maintain this information in descriptor-specific data structures unrelated to the process table. The vulnerability affects sockets, the log device, bpf(4), and tun devices.
- By setting the recipient of signal notification to a process that the program does not own, the kernel can be tricked into signaling arbitrary programs.

Resolution:
- The vulnerability can only be fixed by patching the problematic system code. The advisory provides patches for the OpenBSD operating system. FreeBSD is known to be working on a similar resolution.

Patches:
- The provided OpenBSD patch ensures the kernel tracks the credentials of the process associated with an I/O object. The credentials are checked when an I/O notification is set, addressing both the F_SETOWN and PID reuse problems.

Credits and Recognition:
- Dropskull (Research and Patching)
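The credential tracking described under Patches, as an added user-space model; it is not the OpenBSD patch or any kernel code. All struct and function names are hypothetical, the same-user rule is simplified, and applying the check at delivery time against the recorded credentials is an assumption of this model.

```c
/* Added example: user-space model, not kernel code. All names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

struct proc_model { pid_t pid; uid_t ruid, euid; };         /* process-table entry */
struct io_owner   { pid_t pid; uid_t set_ruid, set_euid; }; /* per-descriptor state */

/* Simplified same-user rule (assumption): root, or any real/effective uid match. */
static bool may_signal(uid_t r, uid_t e, const struct proc_model *t)
{
    return e == 0 || r == t->ruid || r == t->euid || e == t->ruid || e == t->euid;
}

/* Record the recipient together with the credentials of whoever set it. */
static void set_owner(struct io_owner *o, const struct proc_model *setter, pid_t pid)
{
    o->pid = pid;
    o->set_ruid = setter->ruid; o->set_euid = setter->euid;
}

/* Unpatched behaviour as described: the stored PID is signalled with no check. */
static bool deliver_unchecked(const struct io_owner *o, const struct proc_model *t)
{
    return o->pid == t->pid;
}

/* Patched model: the recorded credentials must be allowed to signal whoever holds the PID now. */
static bool deliver_checked(const struct io_owner *o, const struct proc_model *t)
{
    return o->pid == t->pid && may_signal(o->set_ruid, o->set_euid, t);
}

/* Constructed scenario: setter_uid names PID 300; at delivery PID 300 belongs to target_uid. */
bool signal_sent(uid_t setter_uid, uid_t target_uid, bool patched)
{
    struct proc_model setter = { 200, setter_uid, setter_uid };
    struct proc_model target = { 300, target_uid, target_uid };
    struct io_owner o;
    set_owner(&o, &setter, target.pid);
    return patched ? deliver_checked(&o, &target) : deliver_unchecked(&o, &target);
}

int main(void)
{
    printf("foreign unpatched=%d foreign patched=%d own patched=%d\n",
           signal_sent(1001, 1002, false), signal_sent(1001, 1002, true),
           signal_sent(1001, 1001, true));
    return 0;
}
```

Because the descriptor carries the setter's credentials rather than only a PID, the same comparison rejects both a recipient that was never the setter's and a PID that has since been reused by another user's process.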