Full Disclosure mailing list archives
Re: Multiple OS kernel insecure handling of stdio file descriptor
From: Peter Jeremy <peter.jeremy () alcatel-lucent com au>
Date: Fri, 19 Jan 2007 08:04:57 +1100
On 2007-Jan-18 22:21:52 +0800, XFOCUS Security Team <security () xfocus org> wrote:
The affected OSes allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files. the attack which exploit this vulnerability possibly get root right.
This vulnerability has been known for years. OpenBSD implemented a kernel check to block this attack in 1998. FreeBSD and NetBSD have similar kernel checks and I believe glibc also has checks to block this. It is disturbing that none of the commercial OS vendors appear to have bothered to protect against this. -- Peter Jeremy
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Multiple OS kernel insecure handling of stdio file descriptor XFOCUS Security Team (Jan 18)
- Re: Multiple OS kernel insecure handling of stdio file descriptor 3APA3A (Jan 18)
- Re: Multiple OS kernel insecure handling of stdio file descriptor Peter Jeremy (Jan 18)
- Re: Multiple OS kernel insecure handling of stdio file descriptor Shiva Persaud (Jan 19)
- Re: Multiple OS kernel insecure handling of stdio file descriptor eugeny gladkih (Jan 20)
- Re: Multiple OS kernel insecure handling of stdio file descriptor Troy Bollinger (Jan 23)
- Message not available
- Re: Multiple OS kernel insecure handling of stdio file descriptor Michele Cicciotti (Jan 20)
- Re: Multiple OS kernel insecure handling of stdio file descriptor eugeny gladkih (Jan 20)
- Message not available
- Message not available
- Re: Multiple OS kernel insecure handling of stdio file descriptor XFOCUS Security Team (Jan 24)
- Message not available