[9822] in bugtraq
Re: Linux /usr/bin/gnuplot overflow -- SuSE hasnt fixed lsof
daemon@ATHENA.MIT.EDU (Mario Lorenz)
Fri Mar  5 17:05:43 1999
Mail-Followup-To: BUGTRAQ@NETSPACE.ORG
Date: 	Fri, 5 Mar 1999 21:37:42 +0100
Reply-To: Mario Lorenz <ml@VDAZONE.ORG>
From: Mario Lorenz <ml@VDAZONE.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.3.93.990305141357.29986C-100000@acp3bf>; from
              Hans-Bernhard Broeker on Fri, Mar 05, 1999 at 02:22:45PM +0100
On 05. Mar 1999, at 14:22:45 wrote Hans-Bernhard Broeker:
[gnuplot stuff deleted]
>
> I strongly second this recommendation. I'll mail S.u.S.E. about it, if
> no-one else does (but then, they're bound to have someone reading bugtraq,
> right?).
Not necessarily. SuSE has still not fixed the lsof buffer overflow either,
even though lsof is setgid kmem and /dev/kmem is group writable (!).
I mailed them earlier this week and got the response that they have a new
lsof which unfortunately would require kernel 2.2. As a quick fix they suggested
removing the group write permissions from /dev/kmem....
As far as I could check, this applies to SuSE 5.3 and 6.0.
--
Mario Lorenz                            Internet:    <ml@vdazone.org>
                                        Ham Radio:   DL5MLO@OK0PKL.#BOH.CZE.EU
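
Added example, not part of the original message: a POSIX shell audit for the condition described above, a group-writable device node together with setgid binaries that run with the node's group. The function names are hypothetical helpers, and the directories to search are whatever the administrator passes in.

```shell
#!/bin/sh
# Audit helper (added example). Usage: sh audit.sh /dev/kmem /usr/bin /usr/sbin

# True if PATH has the group write bit set.
group_writable() {
    [ -n "$(find "$1" -prune -perm -020 -print 2>/dev/null)" ]
}

# Print the numeric group id that owns PATH.
file_gid() {
    ls -ldn -- "$1" | awk '{print $4}'
}

# List regular files under the given directories that are setgid
# and owned by the numeric group id passed as the first argument.
setgid_in_group() {
    want_gid=$1; shift
    find "$@" -type f -perm -2000 -group "$want_gid" -print 2>/dev/null
}

# Report on DEV. Returns 1 only when DEV is group-writable AND at least one
# setgid binary in the searched directories runs with DEV's group.
audit_dev() {
    dev=$1; shift
    [ -e "$dev" ] || { echo "$dev: not present"; return 0; }
    gid=$(file_gid "$dev")
    if ! group_writable "$dev"; then
        echo "$dev: not group-writable (gid $gid)"
        return 0
    fi
    echo "$dev: group-writable by gid $gid"
    bins=$(setgid_in_group "$gid" "$@")
    [ -n "$bins" ] || return 0
    echo "setgid binaries running with gid $gid:"
    echo "$bins"
    return 1
}

# Run the audit only when arguments are supplied on the command line.
if [ "$#" -gt 0 ]; then
    audit_dev "$@"
fi
```

A non-zero exit status means both halves of the condition are present; after the suggested `chmod g-w` on the device node, the same run exits 0.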