Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1999_1

Bugtraq archives for 1st quarter (Jan-Mar) 1999: Re: [HERT] Advisory #002 Buffer overflow in lsof

Re: [HERT] Advisory #002 Buffer overflow in lsof

Don Lewis (Don.LewisTSC.TDK.COM)
Thu, 18 Feb 1999 08:31:33 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: alexander tampermeier: "ISS Internet Scanner Brute Force Bug"
Previous message: root: "ADMsnmp SNMP Audit scanner"
Next in thread: Mariusz Marcinkiewicz: "Re: [HERT] Advisory #002 Buffer overflow in lsof"

On Feb 18,  1:30am, "Anthony C . Zboralski" wrote:
} Subject: [HERT] Advisory #002 Buffer overflow in lsof

}    When lsof is setuid-root or setgid kmem, it is vulnerable to a buffer
}    overflow that will lead to direct root compromise or root compromise
}    thru live kernel patching.

If lsof is installed setgid kmem, it shouldn't gain any privileges to
overwrite something to gain root access.  At worst, it should only be
possible to read things in kernel memory that ordinary users shouldn't
have access to (I suppose this might include a password in a tty buffer
if the cracker got really lucky).

... or are there systems that give group kmem write privileges?  If so,
I'd say that's a security hole.

Next message: alexander tampermeier: "ISS Internet Scanner Brute Force Bug"
Previous message: root: "ADMsnmp SNMP Audit scanner"
Next in thread: Mariusz Marcinkiewicz: "Re: [HERT] Advisory #002 Buffer overflow in lsof"