lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Jan 2007 21:30:49 +0300 From: 3APA3A <3APA3A@...URITY.NNOV.RU> To: XFOCUS Security Team <security@...cus.org> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Re: Multiple OS kernel insecure handling of stdio file descriptor Dear XFOCUS Security Team, A more complicated variant of this vulnerability (exhausting all available descriptors and closing standard one) was reported by Joost Pol for BSD systems. It's very funny to see commercial Unix variants were not checked against it and simplest variant of this attack was not fixed for 5 years. See: http://security.nnov.ru/news1956.html --Thursday, January 18, 2007, 5:21:52 PM, you wrote to full-disclosure@...ts.grok.org.uk: XST> The affected OSes allows local users to write to or read from restricted XST> files by closing the file descriptors 0 (standard input), 1 (standard XST> output), or 2 (standard error), which may then be reused by a called XST> setuid process that intended to perform I/O on normal files. the attack XST> which exploit this vulnerability possibly get root right. -- ~/ZARAZA http://security.nnov.ru/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists