Re: [HERT] Advisory #002 Buffer overflow in lsof

From: Friedrichs, Oliver (Oliver_Friedrichsat_private)
Date: Thu Feb 18 1999 - 13:48:22 PST


    >If lsof is installed setgid kmem, it shouldn't gain any privileges to
    >overwrite something to gain root access.  At worst, it should only be
    >possible to read things in kernel memory that ordinary users shouldn't
    >have access to (I suppose this might include a password in a tty buffer
    >if the cracker got really lucky).
    
    In the past some OSes have had problems whereby even though kmem was
    read-only, you could use mmap() to obtain write access to it.  Although
    this is (hopefully) fixed everywhere now, it would have been a good
    example of how to get instant root with this bug.
    
    See http://www.openbsd.org/advisories/mmap
    
    I would say that read access alone is enough however...
    
    - Oliver
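
Added example, not part of the original message or the advisory: a C check that the running kernel refuses the kind of mapping described above, that is, write access through mmap() (or a later mprotect()) to a descriptor that was opened read-only. It assumes a constructed scratch file in /tmp as a stand-in for kmem (device mappings are not exercised), and the function names are hypothetical.

```c
#define _GNU_SOURCE   /* mkstemp/pread declarations under strict -std= modes */
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>
#define LEN 4096

/* Constructed stand-in for kmem: a scratch file of LEN zero bytes, reopened O_RDONLY. */
static int ro_scratch(void) {
    char path[] = "/tmp/ro_mmap_XXXXXX", buf[LEN] = {0};
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    int full = (write(fd, buf, LEN) == LEN);
    close(fd);
    fd = full ? open(path, O_RDONLY) : -1;
    unlink(path);                       /* file persists until fd is closed */
    return fd;
}

/* Map the read-only fd with (prot, flags); if upgrade is set, then try mprotect() to
   read+write. Returns 1 if write access was refused with EACCES, 0 if granted, -1 on error. */
int write_access_refused(int prot, int flags, int upgrade) {
    int fd = ro_scratch(), refused;
    if (fd < 0) return -1;
    void *p = mmap(NULL, LEN, prot, flags, fd, 0);
    refused = (p == MAP_FAILED && errno == EACCES);
    if (p != MAP_FAILED && upgrade)
        refused = (mprotect(p, LEN, PROT_READ | PROT_WRITE) == -1 && errno == EACCES);
    if (p != MAP_FAILED) munmap(p, LEN);
    close(fd);
    return refused;
}

/* MAP_PRIVATE + PROT_WRITE is allowed on a read-only fd; returns 1 if the store stayed private. */
int private_write_contained(void) {
    int fd = ro_scratch();
    if (fd < 0) return -1;
    char c = 1, *p = mmap(NULL, LEN, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (p == MAP_FAILED) { close(fd); return -1; }
    p[0] = 'Z';                         /* lands in a copy-on-write page, not the file */
    int ok = (pread(fd, &c, 1, 0) == 1 && c == 0);
    munmap(p, LEN); close(fd);
    return ok;
}

int main(void) {                        /* exit status 0 only if all three properties hold */
    return !(write_access_refused(PROT_READ | PROT_WRITE, MAP_SHARED, 0) == 1 &&
             write_access_refused(PROT_READ, MAP_SHARED, 1) == 1 && private_write_contained() == 1);
}
```

A return of 0 from either `write_access_refused` call means the kernel handed out a writable shared mapping of a read-only descriptor, which is the condition the message describes.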
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:46 PDT