Vulnerability Development mailing list archives
Re: openbsd 3.4 ps bug
From: Daniel <deadbeat () sdf lonestar org>
Date: Thu, 20 Nov 2003 17:51:01 +0000 (UTC)
On Thu, 20 Nov 2003, Kurt Seifried wrote:
> > the gdb it gave me the address 0x1c01c116 in ?? (). I don't have the time to confirm if the bug is exploitable or not but it is a big problem because a user (id 1000+) can also do that. This is a report which will also be submitted in the bugtraq. It is also not confirmed that other versions
>
> Yes this creates a core dump. I fail to see how this is exploitable for additional privileges however as ps is not setuid/setgid (simply mode 0555). Can you please enlighten us as to how this is exploitable for additional privileges?
>
> Kurt Seifried, kurt () seifried org
> A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
> http://seifried.org/security/
i didn't see him saying it was exploitable, as he didn't have time to look into it. yep you're right, i don't see how any privileges can be gained from this.

deadbeat