Bugtraq mailing list archives
Re: Linux /usr/bin/gnuplot overflow -- SuSE hasnt fixed lsof
From: ml () VDAZONE ORG (Mario Lorenz)
Date: Fri, 5 Mar 1999 21:37:42 +0100
On 05. Mar 1999, at 14:22:45 wrote Hans-Bernhard Broeker: [gnuplot stuff deleted]
I strongly second this recommendment. I'll mail S.u.S.E. about it, if no-one else does (but then, they're bound to have someone reading bugtraq, right?).
Not necessarily. SuSE has still not fixed the lsof buffer overflow either, even though lsof is setgid kmem and /dev/kmem is group writable (!) I mailed them earlier this week and got as response that they have a new lsof which unfortunately would require kernel 2.2. As quick fix they suggested removing the group write permissions from /dev/kmem.... As far as I could check this applies to SuSE 5.3 and 6.0. -- Mario Lorenz Internet: <ml () vdazone org> Ham Radio: DL5MLO@OK0PKL.#BOH.CZE.EU
Current thread:
- Remote OS Deception? Robert Wick (Mar 03)
- Security Conference Announcement: the Black Hat Briefings '99 Dominique Brezinski (Mar 03)
- Oracle Plaintext Password James Kivisild (Mar 04)
- Linux /usr/bin/gnuplot overflow xnec () INFERNO TUSCULUM EDU (Mar 04)
- Re: Linux /usr/bin/gnuplot overflow Lars Hecking (Mar 05)
- Re: Linux /usr/bin/gnuplot overflow Hans-Bernhard Broeker (Mar 05)
- Re: Linux /usr/bin/gnuplot overflow Andrea Arcangeli (Mar 05)
- buffer overflow in /usr/bin/cancel Josh A. Strickland (Mar 05)
- Re: Linux /usr/bin/gnuplot overflow -- SuSE hasnt fixed lsof Mario Lorenz (Mar 05)
- Update to Microsoft Security Bulletin (MS99-006) aleph1 () UNDERGROUND ORG (Mar 05)
- More Internet Explorer zone confusion Jim Paris (Mar 05)
- Re: More Internet Explorer zone confusion Walt Armour (Mar 08)
- Re: More Internet Explorer zone confusion Jeremy Nimmer (Mar 08)
- Re: More Internet Explorer zone confusion Jim Paris (Mar 08)
- ISAPI Extension vulnerability allows to execute code as SYSTEM Aleph One (Mar 08)
- Re: More Internet Explorer zone confusion David E. Smith (Mar 08)
- Re: Linux /usr/bin/gnuplot overflow Lars Hecking (Mar 05)
- Little exploit for startup scripts (SCO 5.0.4p). leshka (Mar 07)
- Re: Little exploit for startup scripts (SCO 5.0.4p). Peter van Dijk (Mar 07)
- Re: Little exploit for startup scripts (SCO 5.0.4p). Taneli Leppä (Mar 08)