[19124] in bugtraq
Re: Linux kernel sysctl() vulnerability
daemon@ATHENA.MIT.EDU (Aleksander Kamil Modzelewski)
Sat Feb 10 18:40:31 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id: <20010210221831.A20664@vortex.efekt.pl>
Date: Sat, 10 Feb 2001 22:18:31 +0100
Reply-To: Aleksander Kamil Modzelewski <noir@VORTEX.EFEKT.PL>
From: Aleksander Kamil Modzelewski <noir@VORTEX.EFEKT.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <tg3ddmanvi.fsf@mercury.rus.uni-stuttgart.de>; from
Florian.Weimer@RUS.UNI-STUTTGART.DE on Sat, Feb 10,
2001 at 10:28:01AM +0100
On Sat, Feb 10, 2001 at 10:28:01AM +0100, Florian Weimer wrote:
> > There exists a Linux system call sysctl() which is used to query and
> > modify runtime system settings. Unprivileged users are permitted to query
> > the value of many of these settings.
> It appears that all current Linux kernel version (2.2.x and 2.4.x) are
> vulnerable. Right?
But not in Alan Cox'es version.
In 2.4.1-ac4:
/* The generic string strategy routine: */
int sysctl_string(ctl_table *table, int *name, int nlen,
void *oldval, size_t *oldlenp,
void *newval, size_t newlen, void **context)
{
size_t l, len;
Another thing is, that t shows, that someone already noticed the
problem :/
Greets
Aleksander Kamil Modzelewski
ps. This is my first posting. Hope I did not make a fall-start :)
pps. OK, I did, but this is a long story :)
--
/==]n0iR[==++++.__ /\
| noir@efekt.pl `\ BOFH excuse #89: Electromagnetic energy loss `|
+ BOFH #1 of #radom `\ |
|\ UIN: #89507110 `\ |
\--\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/'
