Vulnerability Development mailing list archives
Re: fbsd 3.3 ospf_monitor research
From: sebastion () IRELANDMAIL COM (Jeff Bachtel)
Date: Sun, 10 Oct 1999 08:30:28 -0500
Isn't OSPF a layer directly over IP? That is, doesn't it require using special libraries with root priv's to open up a socket to listen to OSPF traffic? Of course, I may be smoking crack here.

jeff

(not that I would install it suid. If you need to monitor OSPF, you are probably root anyway, and can set up sudo and whatnot)
I wonder if anyone could research fbsd 3.3's ospf_monitor program. It has an exploitable buffer overflow:

    bash-2.03$ ./smashf 1100 600
    Using address: 0xbfbfd834
    bash-2.03$ ospf_monitor AA$RET
    listening on 0.0.0.0.1495
    monconf: Can't open monitor conf file
    ...
    uid=1000 euid=1000 gid=1000 egid=1000
    bash-2.03$

But evidently drops privs before it occurs (apparently after it binds to port 1495). Now why, if it binds to an unpriv'd port, would it have suidroot privs to begin with? And what could command execution actually get us if not a rootshell?

Brock Tellier
UNIX Systems Administrator
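
The pattern this thread turns on, acquiring whatever needs root first and then giving up the setuid privileges before any user-supplied input is handled, shown as an added C example; it is not ospf_monitor's source and not part of either post. It assumes the privileged resource is a raw IP socket for protocol 89 (OSPF), and the function names are hypothetical.

```c
/* Added example: hypothetical helper names, not ospf_monitor source. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define OSPF_IP_PROTO 89 /* IANA-assigned IP protocol number for OSPF */

/* Permanently return to the invoking user's ids. 0 on success, -1 on failure. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: after the uid stops being 0, setgid() may be refused. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* If root can be regained, a saved uid of 0 survived: drop not permanent. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Open the raw socket while still privileged, then drop before any argument
 * or config parsing. *raw_fd is -1 (and *sock_errno set) if it was refused. */
int monitor_init(int *raw_fd, int *sock_errno)
{
    *raw_fd = socket(AF_INET, SOCK_RAW, OSPF_IP_PROTO);
    *sock_errno = (*raw_fd < 0) ? errno : 0;
    return drop_privileges(); /* drop even when the socket call failed */
}

int main(void)
{
    int fd, err;
    if (monitor_init(&fd, &err) != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        return 1;
    }
    printf("raw fd=%d (errno %d) uid=%d euid=%d\n", fd, err, (int)getuid(), (int)geteuid());
    /* Only from here on is argv or the monitor conf file touched. */
    if (fd >= 0) close(fd);
    return 0;
}
```

Run unprivileged, the socket call is refused and the ids are unchanged; installed setuid root, the socket opens and the process still ends up with euid equal to uid, which matches the `uid=1000 euid=1000` output quoted above.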