[9633] in bugtraq


Re: [HERT] Advisory #002 Buffer overflow in lsof

daemon@ATHENA.MIT.EDU (Lamont Granquist)
Thu Feb 18 15:36:27 1999

Date: 	Thu, 18 Feb 1999 11:29:51 -0800
Reply-To: Lamont Granquist <lamontg@RAVEN.GENOME.WASHINGTON.EDU>
From: Lamont Granquist <lamontg@RAVEN.GENOME.WASHINGTON.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <001001be5b37$b7e6aeb0$aa87d280@vic2.cc.purdue.edu>

Since this is a buffer overflow in enter_uid(), which is called out of
main(), the operating systems which have the RA lower on the stack and
require two returns will not be vulnerable to this.  That means that this
bug is not exploitable on Digital Unix, Solaris/sparc and IRIX(?).  It
would be exploitable in principle on Solaris/x86 and on any other O/S with
the RA above the stack.

Digital Unix, Solaris and IRIX to my knowledge don't ship with lsof, but
admins may have installed it suid or sgid in /usr/local/bin...

--
Lamont Granquist                       lamontg@raven.genome.washington.edu
Dept. of Molecular Biotechnology       (206)616-5735  fax: (206)685-7344
Box 352145 / University of Washington / Seattle, WA 98195
PGP pubkey: finger lamontg@raven.genome.washington.edu | pgp -fka
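
The message above notes that lsof may have been installed suid or sgid by hand. The following audit script is an added example, not part of the original post or of lsof: it lists lsof binaries that carry either bit. The function name `audit_lsof` and every default directory other than /usr/local/bin are assumptions.

```shell
#!/bin/sh
# Added example: report lsof binaries that have the setuid or setgid bit set.
# audit_lsof is a hypothetical helper name, not part of lsof.

audit_lsof() {
    # /usr/local/bin is the location named in the message; the other
    # defaults are assumed common install locations. Pass directories
    # as arguments to override them.
    [ "$#" -gt 0 ] || set -- /usr/local/bin /usr/local/sbin /usr/bin /usr/sbin

    for dir in "$@"; do
        # Skip directories that do not exist on this host.
        [ -d "$dir" ] || continue

        # -perm -4000 matches setuid, -perm -2000 matches setgid (POSIX find).
        find "$dir" -type f -name lsof \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        while IFS= read -r bin; do
            flags=""
            if [ -u "$bin" ]; then flags="setuid"; fi
            if [ -g "$bin" ]; then flags="${flags:+$flags,}setgid"; fi

            # ls -ld gives mode, owner and group without depending on
            # the platform-specific options of stat(1).
            details=$(ls -ld "$bin" | awk '{ print $3 ":" $4 "\t" $1 }')

            # One line per finding: path, bits set, owner:group, mode string.
            printf '%s\t%s\t%s\n' "$bin" "$flags" "$details"
        done
    done
}

# Run against the default directories, or against those given on the command line.
audit_lsof "$@"
```

A binary reported here that is owned by root (setuid) or by a privileged group such as kmem (setgid) is the case the message is concerned with; dropping the bit with `chmod u-s,g-s` removes the privilege until a fixed lsof is installed.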
