Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Linux /usr/bin/gnuplot overflow -- SuSE hasnt fixed lsof

From: ml () VDAZONE ORG (Mario Lorenz)
Date: Fri, 5 Mar 1999 21:37:42 +0100

On 05. Mar 1999, at 14:22:45 wrote Hans-Bernhard Broeker:

[gnuplot stuff deleted]



I strongly second this recommendment. I'll mail S.u.S.E. about it, if
no-one else does (but then, they're bound to have someone reading bugtraq,
right?).


Not necessarily. SuSE has still not fixed the lsof buffer overflow either,
even though lsof is setgid kmem and /dev/kmem is group writable (!)
I mailed them earlier this week and got as response that they have a new
lsof which unfortunately would require kernel 2.2. As quick fix they suggested
removing the group write permissions from /dev/kmem....
As far as I could check this applies to SuSE 5.3 and 6.0.

--
Mario Lorenz                            Internet:    <ml () vdazone org>
                                        Ham Radio:   DL5MLO@OK0PKL.#BOH.CZE.EU
Previous By Date Next
Previous By Thread Next

Current thread: