oss-sec mailing list archives
Re: CVE request: oping allows the disclosure of arbitrary file contents
From: Julien Tinnes <jt () cr0 org>
Date: Thu, 15 Oct 2009 15:15:57 +0200
On Mon, Sep 28, 2009 at 2:45 PM, Steve Kemp <steve () steve org uk> wrote:
oping is a setuid root application, and one of the command line arguments allows a configuration file to be specified. This file is read and *reported* to the console, unless the file is lucky enough to look like a list of hostnames. Brief details here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548684
Hi,

In case anyone cares, oping also attempts to drop privileges with setuid(getuid()); without checking setuid()'s return value. It's an obvious vulnerability, because a local attacker can make setuid() fail by setting a resource limit of 0 for RLIMIT_NPROC with setrlimit().

Julien
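For contrast with the unchecked call described above, here is a privilege-drop routine that checks every return value and then verifies the result. It is an added example, not code from oping or from either post; the function name drop_privileges and the gid/supplementary-group handling are assumptions that go beyond the single setuid() call the post discusses.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not oping's code): drop to the invoking user's real
 * uid/gid. Returns 0 on success, -1 on any failure; the caller must then
 * exit rather than carry on, because carrying on means running as root. */
int drop_privileges(void)
{
    uid_t target_uid = getuid(), ruid, euid, suid;
    gid_t target_gid = getgid(), rgid, egid, sgid;
    /* Supplementary groups can only be cleared while still privileged. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0) {
        fprintf(stderr, "setgroups: %s\n", strerror(errno));
        return -1;
    }
    /* Group before user: once setuid() has succeeded, setgid() is refused. */
    if (setgid(target_gid) != 0) {
        fprintf(stderr, "setgid: %s\n", strerror(errno));
        return -1;
    }
    /* The call the post describes. It can fail (the post gives one way to
     * provoke that); an unchecked failure leaves the process running as root. */
    if (setuid(target_uid) != 0) {
        fprintf(stderr, "setuid: %s\n", strerror(errno));
        return -1;
    }
    /* Belt and braces: confirm real, effective and saved ids all changed,
     * so a partial drop (e.g. only the effective id) is caught too. */
    if (getresuid(&ruid, &euid, &suid) != 0 || getresgid(&rgid, &egid, &sgid) != 0)
        return -1;
    if (ruid != target_uid || euid != target_uid || suid != target_uid ||
        rgid != target_gid || egid != target_gid || sgid != target_gid) {
        fprintf(stderr, "privilege drop incomplete\n");
        return -1;
    }
    return 0;
}

int main(void)
{
    if (drop_privileges() != 0) return 1; /* never continue as root on failure */
    printf("now uid=%u euid=%u\n", (unsigned)getuid(), (unsigned)geteuid());
    return 0;
}
```

Run as an unprivileged user the drop is a no-op that still succeeds; the point is that a setuid-root binary calling this must treat a non-zero return as fatal.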