Bugtraq mailing list archives
Re: OpenBSD local DoS and root exploit
From: Dave Ahmad <da () securityfocus com>
Date: Thu, 9 May 2002 09:27:40 -0600 (MDT)
Hey, After posting this, Fozzy sent another message mentioning that he left out some credit. I requested that he fix the advisory and re-send it to the list, but he hasn't gotten back to me fast enough ;). This needs to go out, so here's the correction:
I realized this credit problem just after sending my post : "Three weeks ago, XXXXXXXX from Pine released an advisory..." should be : "Three weeks ago, Joost Pol from Pine released an advisory...".
Dave Ahmad SecurityFocus www.securityfocus.com On Thu, 9 May 2002 fozzy () dmpfrance com wrote:
The following is research material from FozZy from Hackademy and Hackerz Voice newspaper (http://www.hackerzvoice.org), and can be distributed modified or not if proper credits are given to them. For educational purposes only, no warranty of any kind, I may be wrong, this post could kill you mail reader, etc. -= OVERVIEW =- On current OpenBSD systems, any local user (being or not in the wheel group) can fill the kernel file descriptors table, leading to a denial of service. Because of a flaw in the way the kernel checks closed file descriptors 0-2 when running a setuid program, it is possible to combine these bugs and earn root access by winning a race condition.
Current thread:
- OpenBSD local DoS and root exploit fozzy (May 09)
- Re: OpenBSD local DoS and root exploit Dave Ahmad (May 09)
- Re: OpenBSD local DoS and root exploit Jonas Eriksson (May 10)
- Re: OpenBSD local DoS and root exploit Dave Ahmad (May 09)