Bugtraq mailing list archives
Re: [HERT] Advisory #002 Buffer overflow in lsof
From: abe () purdue edu (Vic Abell)
Date: Thu, 18 Feb 1999 07:10:47 -0500
I would have appreciated the courtesy of an advance notice that this problem had been discovered. 5 minutes after I learned of it *third-hand* via DejaNews this patch was available and announced to the lsof-l mailing list: ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/patches/4.40/arg.c.patch Vic Abell <abe () purdue edu>, lsof author
-----Original Message----- From: Bugtraq List [mailto:BUGTRAQ () netspace org]On Behalf Of Anthony C . Zboralski Sent: Wednesday, February 17, 1999 7:31 PM To: BUGTRAQ () netspace org Subject: [HERT] Advisory #002 Buffer overflow in lsof -----BEGIN PGP SIGNED MESSAGE----- - -------------------------------------------------------------- HERT - Hacker Emergency Response Team alert () hert org - http://www.hert.org Advisory: #00002 Title: lsof Date: 17 February 1999 Summary: Buffer overflow in lsof version 4.40 and prior IMPACT: Local users may obtain root priviledge. Author: Mariusz Tmoggie Marcinkiewicz <tmoggie () hert org> Test Exploit: kil3r () hert org - --------------------------------------------------------------- Copyright (C) 1999 Hacker Emergency Response Team Permission is granted to reproduce and distribute HERT advisories in their entirety, provided the HERT PGP signature is included and provided the alert is used for noncommercial purposes and with the intent of increasing the aware- ness of the Internet community. This advisory is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 1. Background: lsof - list open files Lsof lists information about files opened by processes for most UNIX dialects. When lsof is setuid-root or setgid kmem, it is vulnerable to a buffer overflow that will lead to direct root compromise or root compromise thru live kernel patching. The paradox is that lsof is a great security tool for administrators and we encourage its uses as long as it is NOT setuid-root or setgid. Test exploit code for this vulnerability was developped by kil3r () hert org and will be made available to lsof author, HERT collaborators, sponsors and partners. 2. Distributions known to be affected. OpenBSD 2.4's ports facility retrieves and builds lsof package setgid kmem. FreeBSD's ports facility retrieves and builds lsof package setgid kmem. SuSe Linux ships lsof setgid kmem. Debian GNU/Linux 2.0 ships lsof setgid kmem. Redhat Linux 5.2 ships lsof setgid kmem. 3. Recommendations Fix: chmod 0755 lsof To subscribe to the HERT Alert mailing list, email alert () hert org with subscribe in the body of the message. Contact hert () hert org for more information. The HERT PGP public key is available at ftp://ftp.hert.org/pub/HERT_PGP.key To report a vulnerability: http://www.hert.org/vul_reporting_form We would like to thank the individuals who donates some of their time to HERT. HERT is a non-profit international organisation based in France. If you wish to join the HERT effort please send a note to hert () hert org. - -- Please respect the privacy of this mailing list. To UNSUBSCRIBE, email to hert-private-request () hert org with "unsubscribe" in the body. Trouble? Contact listmaster () hert org -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: latin1 iQCVAwUBNss8D7iV3oeHg1NdAQGHZwP+L76JOU2iHtvl2i3AHP3VDdEJ6W8M5zjf vVWDpQY7z4qmW4Ai/D5mnzeRwUey8W9imkoY4J4cF3/O+s/70+rsbwAKsmVgztBm DjhdWfMl/yz0ZT8zATJV+YVGtPQsmzvPbZR7YWOQh7oQQyPwzQXkswHkTB24Fsdg ehmkQnF1N9c= =Ohr4 -----END PGP SIGNATURE-----
Current thread:
- Debian GNU/Linux 2.0r5 released (fwd), (continued)
- Debian GNU/Linux 2.0r5 released (fwd) Jamie Fifield (Feb 17)
- Regarding passwords in registry keys. Ash (Feb 19)
- Re: [proftpd-l] root compromise ? (fwd) Nic Bellamy (Feb 14)
- ICQ99 crash loser (Feb 14)
- Re: ICQ99 crash Eric J. Stevens (Feb 15)
- Re: ICQ99 crash Joe Stewart (Feb 16)
- Re: ICQ99 crash Timothy Doane (Feb 16)
- Website Pro v2.0 (NT) Configuration Issues Christian Antkow (Feb 16)
- [HERT] Advisory #002 Buffer overflow in lsof Anthony C . Zboralski (Feb 17)
- [SECURITY] New versions of super fixes two buffer overflows joey () FINLANDIA INFODROM NORTH DE (Feb 18)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Vic Abell (Feb 18)
- Tetrix 1.13.16 is Vulnerable Steven Hodges (Feb 17)
- Re: Tetrix 1.13.16 is Vulnerable Pavel Machek (Feb 19)
- ADMsnmp SNMP Audit scanner root (Feb 17)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Gene Spafford (Feb 18)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Theo de Raadt (Feb 18)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Gene Spafford (Feb 18)
- IE0199.exe uninstaller David Brumley (Feb 19)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Weld Pond (Feb 19)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Valdis.Kletnieks () VT EDU (Feb 19)
- Plaintext Password in Tractive's Remote Manager Software Trevor Gryffyn (Feb 19)