| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Jan 2007 21:48:33 +0800 From: XFOCUS Security Team <security@...cus.org> To: Shiva Persaud <shivapd@...tin.ibm.com>, full-disclosure@...ts.grok.org.uk Subject: Re: Multiple OS kernel insecure handling of stdio file descriptor we tested in oslevel -r is 5300-03 ,your system is AIX 5300-05. as your description , this vuln should be fixed in AIX 5300-05. we think you don't mind this letter are also dropped to full-disclosure . Shiva Persaud 写道: > On Thu, Jan 18, 2007 at 01:24:35PM -0600, Shiva Persaud wrote: >> Can you please let me know if I'm missing something? Also, can you please send >> me the output of the "lslpp -L" command on the system where you tested? >> >> Thanks, >> Shiva > > I am able to reproduce your results if I remove the setuid bit from tt: > > $ ls -la /tmp/bb > -rw-r--r-- 1 root system 0 Jan 18 12:57 /tmp/bb > $ ./k > euid=203 > f=2 > > This is not the same as the issue posted though. I look forward to hearing > back from you. -- Shiva > > > > -- Kind Regards, --- XFOCUS Security Team http://www.xfocus.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists