Bugtraq mailing list archives
Re: [HERT] Advisory #002 Buffer overflow in lsof
From: alexsh () HECTIC NET (Alex Shnitman)
Date: Sat, 20 Feb 1999 23:10:54 +0200
Alan Cox writes:
In a few mins I noticed all linux versions are chown .kmem; chmod g+s lsof... on linux /dev/kmem is +w for gid kmem, on bsd too (probably, I didn't checked that), so... all of std. distributions are vuln. withoutcrw-r----- 1 root kmem 1, 2 May 5 1998 /dev/kmem Red Hat 5.2 crw-r----- 1 root kmem 1, 2 Jan 1 1980 /dev/kmem Red Hat 4.2
crw-rw---- 1 root kmem 1, 2 Jul 21 1998 /dev/kmem Debian 2.0 Ack! What breaks if I change it? -- Alex Shnitman alexsh () hectic net, alexsh () linux org il http://alexsh.hectic.net
Current thread:
- Re: [HERT] Advisory #002 Buffer overflow in lsof Don Lewis (Feb 18)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Vic Abell (Feb 18)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Mariusz Marcinkiewicz (Feb 18)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Robert Watson (Feb 19)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Lee Brotzman (Feb 22)
- NcFTPd remote buffer overflow Julien Nadeau (Feb 23)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Alan Cox (Feb 19)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Alex Shnitman (Feb 20)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Wichert Akkerman (Feb 21)
- Possible DOS attack in the .nu domain service Shane Wegner (Feb 20)
- Severe Security Hole in ARCserve NT agents (fwd) Weld Pond (Feb 21)
- Administrivia Aleph One (Feb 22)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Robert Watson (Feb 19)
- <Possible follow-ups>
- Re: [HERT] Advisory #002 Buffer overflow in lsof Friedrichs, Oliver (Feb 18)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Eric Stevens (Feb 19)
- Re: [HERT] Advisory #002 Buffer overflow in lsof johann sebastian bach (Feb 19)
- Re: [HERT] Advisory #002 Buffer overflow in lsof der Mouse (Feb 19)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Zhodiac (Feb 21)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Ronny Cook (Feb 21)