Bug description: the dumpreg utility included with Red Hat 5.1 can cause kernel crashes. The reason is that it opens /dev/mem with O_RDWR access and blindly prints its output to fd 1. This can be trivially exploited with a simple program and run by any local user to corrupt kernel memory. Results may vary, but a crash is pretty much inevitable given enough time.

A quick fix would be to remove setuid privs from the dumpreg program, as this is not needed for normal use.

Testing this exploit on my system caused a fairly severe FS crash. No script for you kiddies, guess you'll have to learn how to program. Don't flame me, I already reported it to Red Hat.

Zachary Amsden
amsdenat_private
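A hardening sketch for the pattern described above, added here as an example and not taken from the original post or from dumpreg itself: a privileged program makes sure descriptors 0, 1 and 2 are valid before it opens a sensitive file, opens that file read-only, and refuses a descriptor that lands in the 0..2 range. The function names are hypothetical, /dev/null stands in for the device, and the assumption is that the program may be started with a standard descriptor unavailable.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Ensure descriptors 0, 1 and 2 are open, pointing any missing one at
 * /dev/null. Returns how many had to be repaired, or -1 on failure. */
int sanitize_std_fds(void)
{
    int repaired = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                 /* descriptor is already valid */
        if (errno != EBADF)
            return -1;                /* unexpected error: fail closed */
        /* open() returns the lowest free descriptor, which is fd here
         * because every lower descriptor has already been checked. */
        int nullfd = open("/dev/null", O_RDWR);
        if (nullfd != fd) {
            if (nullfd != -1)
                close(nullfd);
            return -1;
        }
        repaired++;
    }
    return repaired;
}

/* Open a sensitive file read-only and never accept descriptor 0..2,
 * so ordinary output can never be routed into that file. */
int open_readonly_guarded(const char *path)
{
    if (sanitize_std_fds() == -1)
        return -1;
    int fd = open(path, O_RDONLY | O_NOCTTY);
    if (fd != -1 && fd <= 2) {
        close(fd);
        errno = EBADF;
        return -1;
    }
    return fd;
}

int main(void)
{
    /* "/dev/null" is a constructed stand-in for the sensitive device. */
    int fd = open_readonly_guarded("/dev/null");
    if (fd == -1) { perror("open_readonly_guarded"); return 1; }
    printf("opened on descriptor %d\n", fd);
    close(fd);
    return 0;
}
```

This complements the quick fix in the post rather than replacing it: a tool that does not need setuid for normal use should not carry it.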