Bugtraq mailing list archives

Re: top format string bug exploit code (exploitable)


From: Lupe Christoph <lupe () lupe-christoph de>
Date: Thu, 26 Jul 2001 08:42:18 +0200

On Wednesday, 2001-07-25 at 19:24:29 +0900, SeungHyun Seo wrote:

> It still seems to be affected under 3.5beta9 (including this version).
> Someone said it's not the problem of an exploitable vulnerability about 8 months ago,
> but it's possible to exploit though the situation is difficult.
> The following code and some procedure comments demonstrate it.
>
> Possible to get kmem privilege in the XXXXBSD which is still not patched,
> possible to get root privilege in Solaris.

Top does not need to be SUID root in Solaris, either. The default
install uses this mode (clipped from the Makefile generated on
Solaris 8 x86):
MODE   = 2711
GROUP  = sys
Both /dev/mem and /dev/kmem are
crw-r-----   1 root     sys       13,  1 Dec  3  2000 /dev/kmem
crw-r-----   1 root     sys       13,  0 Dec  3  2000 /dev/mem

Lupe Christoph
-- 
| lupe () lupe-christoph de       |        http://free.prohosting.com/~lupe |
| I have challenged the entire ISO-9000 quality assurance team to a      |
| Bat-Leth contest on the holodeck. They will not concern us again.      |
| http://public.logica.com/~stepneys/joke/klingon.htm                    |
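An added audit helper, not code from this thread or from top itself: it takes the fields exactly as the post shows them (the Makefile's MODE and GROUP, and the permission and group columns of `ls -l` for the device) and reports whether a set-gid install hands the binary's users read access to a group-readable /dev/kmem or /dev/mem. The `audit_live` wrapper and its messages are my own assumptions.

```sh
#!/bin/sh
# Sample values below are copied from the post: MODE = 2711, GROUP = sys,
# and /dev/kmem listed as "crw-r-----  1 root  sys".

# is_setgid MODE: MODE is either the octal Makefile value (2711) or the
# first column of ls -l (-rwx--s--x). Returns 0 when the set-gid bit is on.
is_setgid() {
    case "$1" in
        [2367][0-7][0-7][0-7]) return 0 ;;   # octal: 2xxx, 3xxx, 6xxx, 7xxx
        ??????[sS]???)         return 0 ;;   # ls column: group-execute is s/S
    esac
    return 1
}

# kmem_exposed MODE GROUP DEV_PERMS DEV_GROUP
# Returns 0 when an unprivileged user who runs the set-gid binary inherits
# read access to the device: the binary is set-gid, the device grants group
# read (5th character of its ls column), and both groups are the same.
kmem_exposed() {
    mode=$1 group=$2 devperms=$3 devgroup=$4
    is_setgid "$mode" || return 1
    case "$devperms" in
        ????r?????) ;;          # group read bit present, e.g. crw-r-----
        *) return 1 ;;
    esac
    [ "$group" = "$devgroup" ]
}

# audit_live BINARY DEVICE: read the real columns from ls -l on the running
# system (same column layout on Solaris and Linux) and report the result.
audit_live() {
    binperms=$(ls -ld "$1" | awk '{print $1}')
    bingroup=$(ls -ld "$1" | awk '{print $4}')
    devperms=$(ls -ld "$2" | awk '{print $1}')
    devgroup=$(ls -ld "$2" | awk '{print $4}')
    if kmem_exposed "$binperms" "$bingroup" "$devperms" "$devgroup"; then
        echo "EXPOSED: $1 (group $bingroup) grants read access to $2"
    else
        echo "ok: $1 does not grant read access to $2"
    fi
}
```

Run `audit_live /usr/local/bin/top /dev/kmem` (and again for /dev/mem) on the installed system; the fix is to drop the set-gid bit or install top with a group that does not own the memory devices.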