Full Disclosure mailing list archives
Re: Multiple OS kernel insecure handling of stdio file descriptor
From: XFOCUS Security Team <security () xfocus org>
Date: Wed, 24 Jan 2007 21:48:33 +0800
We tested on a system where oslevel -r is 5300-03; your system is AIX 5300-05. Per your description, this vuln should be fixed in AIX 5300-05. We think you don't mind this letter also being dropped to full-disclosure.

Shiva Persaud wrote:

> On Thu, Jan 18, 2007 at 01:24:35PM -0600, Shiva Persaud wrote:
> > Can you please let me know if I'm missing something? Also, can you
> > please send me the output of the "lslpp -L" command on the system
> > where you tested?
> >
> > Thanks,
> > Shiva
>
> I am able to reproduce your results if I remove the setuid bit from tt:
>
> $ ls -la /tmp/bb
> -rw-r--r-- 1 root system 0 Jan 18 12:57 /tmp/bb
> $ ./k
> euid=203 f=2
>
> This is not the same as the issue posted though. I look forward to
> hearing back from you.
>
> --
> Shiva

--
Kind Regards,
---
XFOCUS Security Team
http://www.xfocus.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/