I would have appreciated the courtesy of an advance notice that this problem had been discovered. 5 minutes after I learned of it *third-hand* via DejaNews this patch was available and announced to the lsof-l mailing list:

ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/patches/4.40/arg.c.patch

Vic Abell <abeat_private>, lsof author

> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQat_private]On Behalf Of Anthony C. Zboralski
> Sent: Wednesday, February 17, 1999 7:31 PM
> To: BUGTRAQat_private
> Subject: [HERT] Advisory #002 Buffer overflow in lsof
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> - --------------------------------------------------------------
> HERT - Hacker Emergency Response Team
> alertat_private - http://www.hert.org
>
> Advisory: #00002
> Title: lsof
> Date: 17 February 1999
> Summary: Buffer overflow in lsof version 4.40 and prior
> IMPACT: Local users may obtain root privilege.
>
> Author: Mariusz Tmoggie Marcinkiewicz <tmoggieat_private>
> Test Exploit: kil3rat_private
> - ---------------------------------------------------------------
>
> Copyright (C) 1999 Hacker Emergency Response Team
>
> Permission is granted to reproduce and distribute HERT advisories in their
> entirety, provided the HERT PGP signature is included and provided the
> alert is used for noncommercial purposes and with the intent of
> increasing the awareness of the Internet community.
>
> This advisory is distributed in the hope that it will be useful,
> but WITHOUT ANY WARRANTY; without even the implied warranty of
> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>
> 1. Background:
>
> lsof - list open files
> Lsof lists information about files opened by processes for most
> UNIX dialects.
>
> When lsof is setuid-root or setgid kmem, it is vulnerable to a buffer
> overflow that will lead to direct root compromise or root compromise
> thru live kernel patching.
>
> The paradox is that lsof is a great security tool for administrators and
> we encourage its use as long as it is NOT setuid-root or setgid.
>
> Test exploit code for this vulnerability was developed by kil3rat_private
> and will be made available to lsof author, HERT collaborators, sponsors
> and partners.
>
> 2. Distributions known to be affected.
>
> OpenBSD 2.4's ports facility retrieves and builds lsof package setgid kmem.
> FreeBSD's ports facility retrieves and builds lsof package setgid kmem.
> SuSe Linux ships lsof setgid kmem.
> Debian GNU/Linux 2.0 ships lsof setgid kmem.
> Redhat Linux 5.2 ships lsof setgid kmem.
>
> 3. Recommendations
>
> Fix:
>
>     chmod 0755 lsof
>
> To subscribe to the HERT Alert mailing list, email alertat_private
> with subscribe in the body of the message.
>
> Contact hertat_private for more information.
> The HERT PGP public key is available at ftp://ftp.hert.org/pub/HERT_PGP.key
>
> To report a vulnerability: http://www.hert.org/vul_reporting_form
>
> We would like to thank the individuals who donate some of their time to HERT.
>
> HERT is a non-profit international organisation based in France.
> If you wish to join the HERT effort please send a note to hertat_private
> - --
> Please respect the privacy of this mailing list.
> To UNSUBSCRIBE, email to hert-private-requestat_private
> with "unsubscribe" in the body. Trouble? Contact listmasterat_private
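
An added example, not part of the original post or the advisory: a POSIX shell audit that reports whether a binary still carries the setuid or setgid bit that the advisory's `chmod 0755 lsof` fix clears. The function names and the example paths in the usage comment are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the advisory): report whether binaries carry the
# setuid/setgid bits that make the lsof overflow a privilege-escalation issue.
# Usage (paths are examples): sh audit_priv.sh /usr/sbin/lsof /usr/local/sbin/lsof

# Print "setuid", "setgid", "setuid,setgid" or "none" for a regular file.
# Returns 2 (and prints "missing") if the path is not a regular file.
privileged_bits() {
    if [ ! -f "$1" ]; then
        echo "missing"
        return 2
    fi
    bits=""
    if [ -u "$1" ]; then bits="setuid"; fi
    if [ -g "$1" ]; then bits="${bits:+$bits,}setgid"; fi
    echo "${bits:-none}"
}

# Audit every path given; return 1 if any file is setuid or setgid.
audit_binaries() {
    rc=0
    for f in "$@"; do
        if ! state=$(privileged_bits "$f"); then
            echo "$f: not a regular file, skipped"
            continue
        fi
        # Numeric owner and group IDs from ls -ln (fields 3 and 4).
        ids=$(ls -ln "$f" | awk '{print $3 ":" $4}')
        if [ "$state" = "none" ]; then
            echo "$f: ok (no setuid/setgid bit, uid:gid $ids)"
        else
            echo "$f: $state set (uid:gid $ids); advisory fix: chmod 0755 $f"
            rc=1
        fi
    done
    return "$rc"
}

# Run the audit only when paths are passed on the command line.
if [ "$#" -gt 0 ]; then
    audit_binaries "$@"
fi
```

The non-zero exit status when a privileged bit is found lets the script gate a package build or a periodic host check.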