Bugtraq mailing list archives
Sendfile daemon bugs
From: psheep () hushmail com
Date: Tue, 15 May 2001 09:10:49 -0700 (MDT)
I have attached two simple scripts which exploit vulnerabilities which exist in some versions of the Sendfile daemon; both allow a local attacker to gain superuser privileges.

The bug exploited by sfdfwd.sh was supposed to have been fixed by the patches provided in Debian Security Advisory DSA-050-1 and then DSA-052-1 and was reported by Colin Phipps in November 2000; somehow it has still not been fixed. The second bug has been reported (without any success) to Debian; it is the result of a serialization error combined with a lack of error checking.

Anyone using this package should download the most recent copy of the source code directly from the author's site and manually compile it, or apply the patch used in Debian-unstable (sendfile_2.1-25). Up-to-date copies of the source can be obtained from ftp://ftp.belwue.de/pub/unix/sendfile/current
Attachment: sfdfwd.sh
Attachment: sfdnfy.sh