Re: Linux /usr/bin/gnuplot overflow -- SuSE hasnt fixed lsof

From: Mario Lorenz (mlat_private)
Date: Fri Mar 05 1999 - 12:37:42 PST

Next message: Josh A. Strickland: "buffer overflow in /usr/bin/cancel"

Previous message: aleph1at_private: "Update to Microsoft Security Bulletin (MS99-006)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 05. Mar 1999, at 14:22:45 wrote Hans-Bernhard Broeker:

[gnuplot stuff deleted]

>
> I strongly second this recommendment. I'll mail S.u.S.E. about it, if
> no-one else does (but then, they're bound to have someone reading bugtraq,
> right?).

Not necessarily. SuSE has still not fixed the lsof buffer overflow either,
even though lsof is setgid kmem and /dev/kmem is group writable (!)
I mailed them earlier this week and got as response that they have a new
lsof which unfortunately would require kernel 2.2. As quick fix they suggested
removing the group write permissions from /dev/kmem....
As far as I could check this applies to SuSE 5.3 and 6.0.

--
Mario Lorenz                            Internet:    <mlat_private>
                                        Ham Radio:   DL5MLO@OK0PKL.#BOH.CZE.EU

Next message: Josh A. Strickland: "buffer overflow in /usr/bin/cancel"
Previous message: aleph1at_private: "Update to Microsoft Security Bulletin (MS99-006)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:09 PDT