Since this is a buffer overflow in enter_uid() which is called out of main(), the operating systems which have the RA lower on the stack and require two returns will not be vulnerable to this. That means that this bug is not exploitable on Digital Unix, Solaris/sparc and IRIX(?). It would be exploitable in principle on Solaris/x86 and on any other O/S with the RA above the stack. Digital Unix, Solaris and IRIX to my knowledge don't ship with lsof, but admins may have installed them suid or sgid in /usr/local/bin...

--
Lamont Granquist lamontgat_private
Dept. of Molecular Biotechnology (206)616-5735 fax: (206)685-7344
Box 352145 / University of Washington / Seattle, WA 98195
PGP pubkey: finger lamontgat_private | pgp -fka
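The message points out that the risk on systems that do not ship lsof depends on whether an admin installed it suid or sgid somewhere like /usr/local/bin. The following is an added example, not part of the original post, showing how an administrator can audit a filesystem tree for such copies. The function name find_suid_lsof and the demo_tree helper are assumptions made for this example; demo_tree builds a constructed temporary tree containing a fake setuid lsof so the check can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the original message): locate lsof binaries that
# carry the setuid or setgid bit under a given directory tree.
# Prints one path per line; returns 0 if any were found, 1 otherwise.
find_suid_lsof() {
  dir="$1"
  # -perm -4000: setuid bit set; -perm -2000: setgid bit set (POSIX find syntax)
  hits=$(find "$dir" -type f -name lsof \( -perm -4000 -o -perm -2000 \) 2>/dev/null || true)
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits"
    return 0
  fi
  return 1
}

# Constructed demo tree (assumption, not real data): one setuid lsof under
# usr/local/bin and one ordinary lsof under usr/bin. Prints the tree root.
demo_tree() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/usr/local/bin" "$tmp/usr/bin"
  : > "$tmp/usr/local/bin/lsof"
  chmod 4755 "$tmp/usr/local/bin/lsof"   # the risky install the message warns about
  : > "$tmp/usr/bin/lsof"
  chmod 0755 "$tmp/usr/bin/lsof"         # harmless: no suid/sgid bit
  printf '%s\n' "$tmp"
}

# Stand-alone run: audit the demo tree, then a real prefix if present.
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ]; then
  root=$(demo_tree)
  echo "demo tree hits:"
  find_suid_lsof "$root" || echo "(none)"
  rm -rf "$root"
  echo "/usr/local/bin hits:"
  find_suid_lsof /usr/local/bin || echo "(none)"
fi
```

On a real host run the function against / (or the local software prefixes) as root so that permission-denied directories are not silently skipped; the `2>/dev/null` only hides those errors, it does not make the scan complete.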
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:24 PDT