Bugtraq mailing list archives
Crash a redhat 5.1 linux box
From: amsdenz () AAVID COM (Zachary Amsden)
Date: Wed, 29 Jul 1998 16:32:09 -0400
Bug description: the dumpreg utility included with redhat 5.1 can cause kernel crashes. The reasons is that it opens /dev/mem with O_RDWR access and blindly prints its output to fd 1. This can be trivially exploited with a simple program and run by any local user to corrupt kernel memory. Results may vary, but a crash is pretty much inevitable given enough time. A quick fix would be to remove setuid privs from the dumpreg program, as this is not needed for normal use. Testing this exploit on my system caused a fairly severe FS crash. No script for you kiddies, guess you'll have to learn how to program. Don't flame me, I already reported it to Redhat Zachary Amsden amsden () andrew cmu edu
Current thread:
- Re: Fwd: Any user can panic OpenBSD machine, (continued)
- Re: Fwd: Any user can panic OpenBSD machine Michael Graff (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Todd C. Miller (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Warner Losh (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine J.R. Valverde (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Felix Schroeter (Jul 28)
- netscape mail overflow(another one) Paul Boehm (Jul 28)
- Re: netscape mail overflow(another one) Brett Glass (Jul 28)
- Re: netscape mail overflow(another one) pedward () WEBCOM COM (Jul 29)
- HP-UX Predictive & Netscape SSL Vulnerabilities Aleph One (Jul 29)
- Long attachment filename exploits: a procmail filter John D. Hardin (Jul 29)
- Crash a redhat 5.1 linux box Zachary Amsden (Jul 29)
- FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux box) Joe Zbiciak (Jul 29)
- Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux Roger Espel Llima (Jul 30)
- Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux Alan Cox (Jul 30)
- Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux Pavel Kankovsky (Jul 30)
- Re: Fwd: Any user can panic OpenBSD machine Todd C. Miller (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Michael Graff (Jul 27)
- Re: netscape mail overflow(another one) Paul Boehm (Jul 29)
- who Paul Boehm (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Chris Wedgwood (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Todd C. Miller (Jul 27)