[9661] in bugtraq
Re: [HERT] Advisory #002 Buffer overflow in lsof
daemon@ATHENA.MIT.EDU (Friedrichs, Oliver)
Fri Feb 19 16:52:18 1999
Date: Thu, 18 Feb 1999 13:48:22 -0800
Reply-To: "Friedrichs, Oliver" <Oliver_Friedrichs@NAI.COM>
From: "Friedrichs, Oliver" <Oliver_Friedrichs@NAI.COM>
X-To: Don Lewis <Don.Lewis@TSC.TDK.COM>
To: BUGTRAQ@NETSPACE.ORG
>If lsof is installed setgid kmem, it shouldn't gain any privileges to
>overwrite something to gain root access. At worst, it should only be
>possible to read things in kernel memory that ordinary users shouldn't
>have access to (I suppose this might include a password in a tty buffer
>if the cracker got really lucky).
In the past some OSes have had problems whereby even though kmem was
read-only, you could use mmap() to obtain write access to it. Although
this is (hopefully) fixed everywhere now, it would have been a good
example of how to get instant root with this bug.
See http://www.openbsd.org/advisories/mmap
I would say that read access alone is enough however...
- Oliver
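The mmap() problem Oliver refers to is, in general terms, a kernel failing to enforce that a descriptor opened read-only cannot yield a writable shared mapping. The following is an added example, not part of the original mail or of lsof: a small self-check, run against an ordinary temporary file rather than any device, that verifies the two rules a correct kernel must uphold: a writable MAP_SHARED mapping of an O_RDONLY descriptor is refused with EACCES, and a writable MAP_PRIVATE mapping stays copy-on-write so the underlying object is never modified. The file path under /tmp and the sample content are constructed for the example.

```c
/* Added example (not from the original post): self-check of the mmap()
 * permission rules whose violation turned read access into write access.
 * Uses a throwaway temp file so the test is safe to run anywhere. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define MAP_LEN 16                       /* small mapping, within first page */
static const char SAMPLE[] = "hello, world!!!"; /* constructed content, 15 bytes */

/* Create a temp file with known content; fills 'path' (size >= 32). 1 on success. */
static int make_temp_file(char *path) {
    strcpy(path, "/tmp/mmapcheck.XXXXXX");  /* assumed writable scratch dir */
    int fd = mkstemp(path);
    if (fd < 0) return 0;
    ssize_t n = write(fd, SAMPLE, sizeof SAMPLE);
    close(fd);
    if (n != (ssize_t)sizeof SAMPLE) { unlink(path); return 0; }
    return 1;
}

/* 1 if the kernel refuses a writable MAP_SHARED mapping of a read-only fd
 * with EACCES (the correct behaviour), 0 otherwise. */
int shared_write_on_readonly_fd_rejected(const char *path) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return 0;
    void *p = mmap(NULL, MAP_LEN, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    int saved = errno;
    if (p != MAP_FAILED) { munmap(p, MAP_LEN); close(fd); return 0; }
    close(fd);
    return saved == EACCES;
}

/* 1 if a write through a MAP_PRIVATE mapping of a read-only fd is
 * copy-on-write and never reaches the file, 0 otherwise. */
int private_write_stays_private(const char *path) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return 0;
    char *p = mmap(NULL, MAP_LEN, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (p == MAP_FAILED) { close(fd); return 0; }
    p[0] = 'X';                           /* must land in a private copy only */
    munmap(p, MAP_LEN);
    char c = 0;
    lseek(fd, 0, SEEK_SET);
    ssize_t n = read(fd, &c, 1);
    close(fd);
    return n == 1 && c == SAMPLE[0];      /* file byte unchanged */
}

/* Run both checks against a fresh temp file; 1 only if both pass. */
int run_mmap_checks(void) {
    char path[32];
    if (!make_temp_file(path)) return 0;
    int ok = shared_write_on_readonly_fd_rejected(path) &&
             private_write_stays_private(path);
    unlink(path);
    return ok;
}

int main(void) {
    printf("mmap read-only enforcement: %s\n", run_mmap_checks() ? "OK" : "FAIL");
    return 0;
}
```

On a current Linux or BSD kernel both checks pass; a kernel that let a writable shared mapping of a read-only descriptor through would fail the first, which is the condition that would have let a kmem-reading process modify kernel memory.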