CVE-2002-2180

CVSS 6.8 - MEDIUM

Description

The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.

Affected Products

12

Vendor	Product	Version
openbsd	openbsd	`2.0`
openbsd	openbsd	`2.1`
openbsd	openbsd	`2.2`
openbsd	openbsd	`2.3`
openbsd	openbsd	`2.4`
openbsd	openbsd	`2.5`
openbsd	openbsd	`2.6`
openbsd	openbsd	`2.7`
openbsd	openbsd	`2.8`
openbsd	openbsd	`2.9`
openbsd	openbsd	`3.0`
openbsd	openbsd	`3.1`

References

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/comm...

http://www.iss.net/security_center/static/10278.ph...

http://www.openbsd.org/plus32.html

http://www.securityfocus.com/bid/5861

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/comm...

http://www.iss.net/security_center/static/10278.ph...

http://www.openbsd.org/plus32.html

http://www.securityfocus.com/bid/5861

Weakness Types

NVD-CWE-Other

CVE Information

CVE ID:: CVE-2002-2180
Published:: 2002-12-31
Modified:: 2026-04-16
CVSS Score:: 6.8
Severity:: MEDIUM
Vector:: AV:L/AC:L/Au:S/C:C/I:C/A:C

Affected Vendors

openbsd

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL