Bugtraq mailing list archives
Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Sun, 1 Apr 2007 16:58:47 +0200 (CEST)
On Wed, 28 Mar 2007, Tim Rees wrote:
> All other system binaries (e.g. screen etc.) are now inaccessible, but if a user (or root) runs sudo (or whatever the user names it) in the meantime before someone realises something is wrong, the malicious binary will be executed.

You do not have to rely on some other user running your trojan horse. You can replace a program run automatically (e.g. by cron).

Or something even better: replace system dynamic libraries (e.g. /lib/tls) and run a dynamically linked setuid program of your own choice. Instant ownage! (Moreover, the latter approach is quite easy to exploit without making the system unusable.)

This is a very serious vulnerability.

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."