Re: [HERT] Advisory #002 Buffer overflow in lsof

From: Lamont Granquist (lamontgat_private)
Date: Thu Feb 18 1999 - 11:29:51 PST


    Since this is a buffer overflow in enter_uid(), which is called out of
    main(), the operating systems which have the RA lower on the stack and
    require two returns will not be vulnerable to this.  That means that this
    bug is not exploitable on Digital Unix, Solaris/sparc and IRIX(?).  It
    would be exploitable in principle on Solaris/x86 and on any other O/S with
    the RA above the stack.
    
    Digital Unix, Solaris and IRIX to my knowledge don't ship with lsof, but
    admins may have installed it suid or sgid in /usr/local/bin...
    
    --
    Lamont Granquist                       lamontgat_private
    Dept. of Molecular Biotechnology       (206)616-5735  fax: (206)685-7344
    Box 352145 / University of Washington / Seattle, WA 98195
    PGP pubkey: finger lamontgat_private | pgp -fka
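
A defender-side check for the locally installed suid/sgid case mentioned in the message above, as an added example that is not part of the original post: it lists lsof binaries carrying setuid or setgid bits. The function name and the default directory list are assumptions; pass your own directories as arguments.

```shell
#!/bin/sh
# Added example: audit for lsof binaries installed setuid or setgid.
# find_privileged_lsof is a hypothetical helper name; the default
# directories below are assumptions, not taken from the advisory.

find_privileged_lsof() {
    # With no arguments, fall back to common local install locations.
    [ "$#" -gt 0 ] || set -- /usr/local/bin /usr/local/sbin /usr/bin /usr/sbin /opt

    for dir in "$@"; do
        # Skip directories that do not exist on this host.
        [ -d "$dir" ] || continue

        # -perm -4000 matches setuid, -perm -2000 matches setgid.
        # 'lsof*' also catches renamed copies such as lsof.old.
        find "$dir" -type f -name 'lsof*' \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        while IFS= read -r f; do
            bits=""
            [ -u "$f" ] && bits="setuid"
            [ -g "$f" ] && bits="${bits:+$bits+}setgid"
            # One line per finding: <bits><TAB><path>
            printf '%s\t%s\n' "$bits" "$f"
        done
    done
}
```

Any path reported here is a candidate for removing the privileged bits (`chmod u-s,g-s`) or upgrading lsof, depending on whether local users need it.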
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:24 PDT