[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1149338419.20070118213049@SECURITY.NNOV.RU>
Date: Thu, 18 Jan 2007 21:30:49 +0300
From: 3APA3A <3APA3A@...URITY.NNOV.RU>
To: XFOCUS Security Team <security@...cus.org>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Multiple OS kernel insecure handling of stdio
file descriptor
Dear XFOCUS Security Team,
A more complicated variant of this vulnerability (exhausting all
available descriptors and closing standard one) was reported by Joost
Pol for BSD systems. It's very funny to see commercial Unix variants
were not checked against it and simplest variant of this attack was not
fixed for 5 years.
See: http://security.nnov.ru/news1956.html
--Thursday, January 18, 2007, 5:21:52 PM, you wrote to full-disclosure@...ts.grok.org.uk:
XST> The affected OSes allows local users to write to or read from restricted
XST> files by closing the file descriptors 0 (standard input), 1 (standard
XST> output), or 2 (standard error), which may then be reused by a called
XST> setuid process that intended to perform I/O on normal files. the attack
XST> which exploit this vulnerability possibly get root right.
--
~/ZARAZA
http://security.nnov.ru/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists