Bugtraq mailing list archives
Re: [HERT] Advisory #002 Buffer overflow in lsof
From: Oliver_Friedrichs () NAI COM (Friedrichs, Oliver)
Date: Thu, 18 Feb 1999 13:48:22 -0800
If lsof is installed setgid kmem, it shouldn't gain any privileges to overwrite something to gain root access. At worst, it should only be possible to read things in kernel memory that ordinary users shouldn't have access to (I suppose this might include a password in a tty buffer if the cracker got really lucky).
In the past some OS's have had problems whereby even though kmem was read-only, you could use mmap() to obtain write access to it. Although this is (hopefully) fixed everywhere now, it would have been a good example of how to get instant root with this bug. see http://www.openbsd.org/advisories/mmap I would say that read access alone is enough however... - Oliver
Current thread:
- Re: [HERT] Advisory #002 Buffer overflow in lsof, (continued)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Mariusz Marcinkiewicz (Feb 18)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Robert Watson (Feb 19)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Lee Brotzman (Feb 22)
- NcFTPd remote buffer overflow Julien Nadeau (Feb 23)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Alan Cox (Feb 19)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Alex Shnitman (Feb 20)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Wichert Akkerman (Feb 21)
- Possible DOS attack in the .nu domain service Shane Wegner (Feb 20)
- Severe Security Hole in ARCserve NT agents (fwd) Weld Pond (Feb 21)
- Administrivia Aleph One (Feb 22)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Robert Watson (Feb 19)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Mariusz Marcinkiewicz (Feb 18)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Friedrichs, Oliver (Feb 18)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Eric Stevens (Feb 19)
- Re: [HERT] Advisory #002 Buffer overflow in lsof johann sebastian bach (Feb 19)
- Re: [HERT] Advisory #002 Buffer overflow in lsof der Mouse (Feb 19)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Zhodiac (Feb 21)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Ronny Cook (Feb 21)