Re: [HERT] Advisory #002 Buffer overflow in lsof

From: M.C.Mar (woloszynat_private)
Date: Sat Feb 20 1999 - 05:13:17 PST

    On Thu, 18 Feb 1999 routeat_private wrote:
    
    > [Gene Spafford wrote]
    > |
    > | People who publish bugs/exploits that are not being actively exploited
    > | *before* giving the vendor a chance to fix the flaws are clearly
    > | grandstanding.  They're part of the problem -- not the solution.
    > |
    >
    >     Who is to say the vulnerability in question was NOT being exploited
    >     prior to release?  Odds are it was.  Bugtraq is a full-disclosure list.
    >     The `problem` as you succinctly put it is in *non-disclosure*.  While
    >     it is still questionable whether or not the original posters found the bug
    >     themselves (the advisory lacked any technical detail) calling them part of
    
    
    In the advisory it was written:
    Author:          Mariusz Tmoggie Marcinkiewicz <tmoggieat_private>
    
    I'm a witness that he DID find the bug himself (maybe he was not the FIRST
    ever). Tmoggie called me Tuesday evening and he said that there is a bug
    in lsof (he was preparing a CD with the S.u.s.e distribution, so he installed
    it and did some find for suid/sgid files). The next day, I found his mail
    about it (which was addressed to the hert and lam3rz mailing lists) in my
    mailbox, so I wrote an exploit (it took me about half an hour); I used
    Slackware Linux. After that I posted it back to HERT. Because of something
    there was a lot of rumor about this vul. on the #hax channel on IRC, so
    Anthony Zboralski <aczat_private>, the HERT maintainer, decided to write an
    advisory to make it public.
    
    >   the problem is a misfire of your disdain (attacking them on the content
    >   of the advisory --or lack thereof-- is a much better call).  The problem,
    >   in this case, would be the malevolent individual(s) breaking into your
    >   machine exploiting this bug (before or after it was disclosed).
    >
    
    So now you know WHY it was published so fast, without giving a chance to
    fix it...
    BTW: finding this kind of vulnerability is not so hard! While I can understand
    that the authors of lsof might not be familiar with security, I cannot
    understand WHY people who are NOT good at security issues are making
    COMMERCIAL distributions (like S.u.s.e or RH)???
    
    >   Don't shoot the messenger.
    
    :)
    
    --
    Kil3rat_private
    
    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:36:29 PDT