Bugtraq mailing list archives

Crash a redhat 5.1 linux box

From: amsdenz () AAVID COM (Zachary Amsden)
Date: Wed, 29 Jul 1998 16:32:09 -0400


Bug description:  the dumpreg utility included
with redhat 5.1 can cause kernel crashes.  The
reasons is that it opens /dev/mem with O_RDWR
access and blindly prints its output to fd 1.
This can be trivially exploited with a simple
program and run by any local user to corrupt
kernel memory.  Results may vary, but a crash
is pretty much inevitable given enough time.

A quick fix would be to remove setuid privs
from the dumpreg program, as this is not
needed for normal use.  Testing this exploit
on my system caused a fairly severe FS crash.

No script for you kiddies, guess you'll have
to learn how to program.

Don't flame me, I already reported it to Redhat

Zachary Amsden
amsden () andrew cmu edu

Current thread:

Re: Fwd: Any user can panic OpenBSD machine, (continued)
- Re: Fwd: Any user can panic OpenBSD machine Michael Graff (Jul 27)
  - Re: Fwd: Any user can panic OpenBSD machine Todd C. Miller (Jul 27)
    - Re: Fwd: Any user can panic OpenBSD machine Warner Losh (Jul 27)
    - Re: Fwd: Any user can panic OpenBSD machine J.R. Valverde (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Felix Schroeter (Jul 28)
    - netscape mail overflow(another one) Paul Boehm (Jul 28)
    - Re: netscape mail overflow(another one) Brett Glass (Jul 28)
    - Re: netscape mail overflow(another one) pedward () WEBCOM COM (Jul 29)
    - HP-UX Predictive & Netscape SSL Vulnerabilities Aleph One (Jul 29)
    - Long attachment filename exploits: a procmail filter John D. Hardin (Jul 29)
    - Crash a redhat 5.1 linux box Zachary Amsden (Jul 29)
    - FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux box) Joe Zbiciak (Jul 29)
    - Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux Roger Espel Llima (Jul 30)
    - Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux Alan Cox (Jul 30)
    - Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux Pavel Kankovsky (Jul 30)
    - Re: netscape mail overflow(another one) Paul Boehm (Jul 29)
    - who Paul Boehm (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Chris Wedgwood (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Dag-Erling Coidan Smørgrav (Jul 27)
  - Re: Fwd: Any user can panic OpenBSD machine Todd C. Miller (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Peter Jeremy (Jul 27)

(Thread continues...)