oss-sec mailing list archives
Re: CVE request: oping allows the disclosure of arbitrary file contents
From: Josh Bressers <bressers () redhat com>
Date: Mon, 16 Nov 2009 17:39:30 -0500 (EST)
----- "Tomas Hoger" <thoger () redhat com> wrote:
On Thu, 15 Oct 2009 15:15:57 +0200 Julien Tinnes <jt () cr0 org> wrote:in case anyone cares, oping also attempts to drop privileges with setuid(getuid()); without checking setuid()'s return value. It's an obvious vulnerability, because a local attacker can make setuid() fail by setting a resource limit of 0 for RLIMIT_NPROC with setrlimit().Does the RLIMIT_NPROC trick work against oping, or any setuid app that calls setuid(getuid())?
This should work for everything that calls setuid() I have a little bit about this here: http://www.bress.net/blog/archives/34-setuid-madness.html The short story is that if you call setuid(), you need to check the return code. -- JB
Current thread:
- Re: CVE request: oping allows the disclosure of arbitrary file contents, (continued)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Oct 15)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Julien Tinnes (Oct 15)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Oct 16)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Steven M. Christey (Oct 16)
- Re: CVE request: oping allows the disclosure of arbitrary file contents yersinia (Oct 17)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Steven M. Christey (Nov 09)
- Re: CVE request: oping allows the disclosure of arbitrary file contents security curmudgeon (Nov 09)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Nov 09)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Steven M. Christey (Nov 09)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Julien Tinnes (Oct 15)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Oct 15)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Nov 16)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Tomas Hoger (Nov 17)