Bugtraq mailing list archives
Re: [HERT] Advisory #002 Buffer overflow in lsof
From: lamontg () RAVEN GENOME WASHINGTON EDU (Lamont Granquist)
Date: Thu, 18 Feb 1999 11:29:51 -0800
Since this is a buffer overflow in enter_uid() which is called out of main() the operating systems which have the RA lower on the stack and require two returns will not be vulnerable to this. That means that this bug is not exploitable on Digital Unix, Solaris/sparc and IRIX(?). It would be exploitable in principle on Solaris/x86 and on any other O/S with the RA above the stack. Digital Unix, Solaris and IRIX to my knowledge don't ship with lsof, but admins may have installed them suid or sgid in /usr/local/bin...

--
Lamont Granquist lamontg () raven genome washington edu
Dept. of Molecular Biotechnology (206)616-5735 fax: (206)685-7344
Box 352145 / University of Washington / Seattle, WA 98195
PGP pubkey: finger lamontg () raven genome washington edu | pgp -fka
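
An added check (not part of the original post) for the caveat that closes the message above: it lists any file named lsof that carries the set-uid or set-gid bit. The function name audit_lsof and its output format are assumptions of this example; /usr/local/bin is the directory the post names.

```shell
#!/bin/sh
# Added example: report lsof binaries installed set-uid or set-gid.
# audit_lsof and its output format are hypothetical, chosen for this example.
# Usage: audit_lsof [DIR...]   (defaults to /usr/local/bin, as in the post)
# Output, one line per finding: "<suid|sgid|suid+sgid> uid=N gid=N <path>"

audit_lsof() {
    # No arguments: fall back to the directory mentioned in the post.
    [ "$#" -gt 0 ] || set -- /usr/local/bin

    for dir in "$@"; do
        # Skip arguments that are not directories instead of failing.
        [ -d "$dir" ] || continue

        # -perm -4000 matches set-uid, -perm -2000 matches set-gid,
        # whatever the remaining mode bits are.
        find "$dir" -type f -name lsof \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        while IFS= read -r path; do
            bits=""
            [ -u "$path" ] && bits="suid"
            [ -g "$path" ] && bits="${bits:+$bits+}sgid"

            # Numeric owner and group: these decide whose privileges the
            # binary runs with when the bit is honoured.
            owner=$(ls -ln "$path" | awk '{print $3}')
            group=$(ls -ln "$path" | awk '{print $4}')

            printf '%s uid=%s gid=%s %s\n' "$bits" "$owner" "$group" "$path"
        done
    done
}

# Stand-alone run: audit the directories given on the command line.
audit_lsof "$@"
```

A finding with uid=0 and suid, or with sgid and a privileged group, is the installation the post warns about; clearing the bit with chmod or upgrading lsof removes the exposure.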