[7471] in bugtraq
Crash a redhat 5.1 linux box
daemon@ATHENA.MIT.EDU (Zachary Amsden)
Wed Jul 29 19:23:16 1998
Date: Wed, 29 Jul 1998 16:32:09 -0400
Reply-To: Zachary Amsden <amsdenz@AAVID.COM>
From: Zachary Amsden <amsdenz@AAVID.COM>
To: BUGTRAQ@NETSPACE.ORG
Bug description: the dumpreg utility included
with redhat 5.1 can cause kernel crashes. The
reason is that it opens /dev/mem with O_RDWR
access and blindly prints its output to fd 1.
This can be trivially exploited with a simple
program and run by any local user to corrupt
kernel memory. Results may vary, but a crash
is pretty much inevitable given enough time.
A quick fix would be to remove setuid privs
from the dumpreg program, as this is not
needed for normal use. Testing this exploit
on my system caused a fairly severe FS crash.
No script for you kiddies, guess you'll have
to learn how to program.
Don't flame me, I already reported it to Redhat.
Zachary Amsden
amsden@andrew.cmu.edu
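
The quick fix named in the message above (removing setuid privileges from dumpreg), as an added example that is not part of the original post: a shell audit that finds set-uid or set-gid copies of a named binary under caller-supplied directories and clears the bits. The function names are hypothetical, and because the post gives no install path for dumpreg, the binary is searched for by name.

```shell
#!/bin/sh
# Added example (not from the original post): find set-uid/set-gid copies of
# a named binary and clear the bits, verifying the result afterwards.
# The directories to search are supplied by the caller; none is assumed.

# find_setuid NAME DIR... : print every regular file called NAME under the
# given directories that carries the set-uid or set-gid bit.
find_setuid() {
    name=$1; shift
    find "$@" -type f -name "$name" \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# strip_setuid PATH : clear set-uid and set-gid on PATH.
# Returns 0 only if both bits are confirmed clear afterwards.
strip_setuid() {
    chmod u-s,g-s -- "$1" || return 1
    [ ! -u "$1" ] && [ ! -g "$1" ]
}

# audit NAME DIR... : strip every hit, print one line per file, and return
# non-zero if any file could not be fixed (for example, when not run as root).
audit() {
    find_setuid "$@" | {
        rc=0
        while IFS= read -r f; do
            if strip_setuid "$f"; then
                echo "cleared set-uid/set-gid: $f"
            else
                echo "FAILED to clear: $f" >&2
                rc=1
            fi
        done
        [ "$rc" -eq 0 ]
    }
}

# Stand-alone use: sh audit.sh dumpreg /usr /sbin /bin
if [ "$#" -ge 2 ]; then
    audit "$@"
fi
```

Files with other names are left untouched, so an unrelated set-uid program in the same directory keeps its mode.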