Insufficient validation in vga(4) may allow an attacker to gain root
privileges if the kernel is compiled with option PCIAGP and the actual
device is not an AGP device. The PCIAGP option is present by default on
i386 kernels only. This vulnerability has been discovered by Ilja van
Sprundel.
A patch addressing this problem is available in the -STABLE branches for
OpenBSD 3.9 and OpenBSD 4.0. Standalone patch files are also available:
- for OpenBSD 4.0:
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/4.0/i386/007_agp.patch
- for OpenBSD 3.9:
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.9/i386/017_agp.patch
For more information about OpenBSD errata and how to apply them, please
refer to FAQ 10.15:
http://www.OpenBSD.org/faq/faq10.html#Patches
