Sendfile daemon bugs

From: psheepat_private
Date: Tue May 15 2001 - 09:10:49 PDT

Next message: Greg A. Woods: "Re: Solaris /usr/bin/mailx exploit (SPARC)"

Previous message: Andrew Hilborne: "Re: Solaris /usr/bin/mailx exploit (SPARC)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have attached two simple scripts which exploit vulnerabilities which exist 
in the some versions of the Sendfile daemon, both allow a local attacker 
to gain superuser privileges.

The bug exploited by sfdfwd.sh was supposed to have been fixed by the patches 
provided in Debian Security Advisory DSA-050-1 and then DSA-052-1 and was 
reported by Colin Phipps in November 2000, somehow it has still not been 
fixed.  The second bug has been reported (without any success) to Debian,
 it is the result of a serialization error combined with a lack of error 
checking.

Anyone using this package should download the most recent copy of the source 
code directly from the author's site and manually compile it, or apply the 
patch used in Debian-unstable (sendfile_2.1-25).  Up-to-date copies of the 
source can be obtained from ftp://ftp.belwue.de/pub/unix/sendfile/current

Free, encrypted, secure Web-based email at www.hushmail.com

application/octet-stream attachment: sfdfwd.sh

application/octet-stream attachment: sfdnfy.sh

IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages. Get your FREE, totally secure email address at http://www.hushmail.com.

Next message: Greg A. Woods: "Re: Solaris /usr/bin/mailx exploit (SPARC)"
Previous message: Andrew Hilborne: "Re: Solaris /usr/bin/mailx exploit (SPARC)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 15 2001 - 14:56:54 PDT