I have attached two simple scripts which exploit vulnerabilities which exist in some versions of the Sendfile daemon; both allow a local attacker to gain superuser privileges.

The bug exploited by sfdfwd.sh was supposed to have been fixed by the patches provided in Debian Security Advisory DSA-050-1 and then DSA-052-1, and was reported by Colin Phipps in November 2000; somehow it has still not been fixed. The second bug has been reported (without any success) to Debian; it is the result of a serialization error combined with a lack of error checking.

Anyone using this package should download the most recent copy of the source code directly from the author's site and manually compile it, or apply the patch used in Debian-unstable (sendfile_2.1-25). Up-to-date copies of the source can be obtained from ftp://ftp.belwue.de/pub/unix/sendfile/current
This archive was generated by hypermail 2b30 : Tue May 15 2001 - 14:56:54 PDT