Bugtraq mailing list archives

Re: [HERT] Advisory #002 Buffer overflow in lsof


From: Oliver_Friedrichs () NAI COM (Friedrichs, Oliver)
Date: Thu, 18 Feb 1999 13:48:22 -0800


If lsof is installed setgid kmem, it shouldn't gain any privileges to
overwrite something to gain root access.  At worst, it should only be
possible to read things in kernel memory that ordinary users shouldn't
have access to (I suppose this might include a password in a tty buffer
if the cracker got really lucky).

In the past some OSes have had problems whereby even though kmem was
read-only, you could use mmap() to obtain write access to it.  Although
this is (hopefully) fixed everywhere now, it would have been a good
example of how to get instant root with this bug.

See http://www.openbsd.org/advisories/mmap

I would say that read access alone is enough however...

- Oliver
