[9705] in bugtraq
Re: [HERT] Advisory #002 Buffer overflow in lsof
daemon@ATHENA.MIT.EDU (Alex Shnitman)
Sun Feb 21 21:14:52 1999
Date: Sat, 20 Feb 1999 23:10:54 +0200
Reply-To: Alex Shnitman <alexsh@HECTIC.NET>
From: Alex Shnitman <alexsh@HECTIC.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <m10E1KE-0007U1C@the-village.bc.nu>
Alan Cox writes:
> > In a few mins I noticed all linux versions are chown .kmem; chmod g+s
> > lsof... on linux /dev/kmem is +w for gid kmem, on bsd too (probably, I
> > didn't checked that), so... all of std. distributions are vuln. without
>
> crw-r----- 1 root kmem 1, 2 May 5 1998 /dev/kmem
>
> Red Hat 5.2
>
> crw-r----- 1 root kmem 1, 2 Jan 1 1980 /dev/kmem
>
> Red Hat 4.2
crw-rw---- 1 root kmem 1, 2 Jul 21 1998 /dev/kmem
Debian 2.0
Ack! What breaks if I change it?
--
Alex Shnitman
alexsh@hectic.net, alexsh@linux.org.il
http://alexsh.hectic.net
