|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Dave Ahmad (da
securityfocus.com)Date: Thu May 09 2002 - 10:27:40 CDT
Hey,
After posting this, Fozzy sent another message mentioning that he left out
some credit. I requested that he fix the advisory and re-send it to the
list, but he hasn't gotten back to me fast enough ;). This needs to go
out, so here's the correction:
>I realized this credit problem just after sending my post :
>"Three weeks ago, XXXXXXXX from Pine released an advisory..." should be :
>"Three weeks ago, Joost Pol from Pine released an advisory...".
Dave Ahmad
SecurityFocus
www.securityfocus.com
On Thu, 9 May 2002 fozzydmpfrance.com wrote:
>
> The following is research material from FozZy from Hackademy and Hackerz
> Voice newspaper (http://www.hackerzvoice.org), and can be distributed
> modified or not if proper credits are given to them. For educational
> purposes only, no warranty of any kind, I may be wrong, this post could
> kill you mail reader, etc.
>
>
> -= OVERVIEW =-
>
> On current OpenBSD systems, any local user (being or not in the wheel
> group) can fill the kernel file descriptors table, leading to a denial of
> service. Because of a flaw in the way the kernel checks closed file
> descriptors 0-2 when running a setuid program, it is possible to combine
> these bugs and earn root access by winning a race condition.
>
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]