Unauthorized file access via stdio file descriptors in *BSD





updated since 22.04.02

Published: 10.12.02

Source: SECURITEAM

Type: client

Level: 9


Description: By exhausting all file descriptors and closing stderr, it's possible to cause a situation in which the called application opens a new file with descriptor 2, so that all stderr output is redirected to that file.
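The descriptor reuse described above, and an application-side check against it, as an added example that is not taken from the advisory or from the files it links. The function names `sanitize_std_fds` and `fd_of_next_open` are hypothetical, and `/dev/null` stands in for the file a privileged program would open.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Repair closed stdio descriptors by pointing them at /dev/null.
 * Returns how many of 0, 1, 2 had to be repaired, or -1 on failure. */
int sanitize_std_fds(void)
{
    int repaired = 0;
    for (int fd = 0; fd <= 2; fd++) {
        struct stat st;
        if (fstat(fd, &st) == 0)
            continue;                     /* descriptor is open */
        if (errno != EBADF)
            return -1;
        /* open() hands out the lowest free descriptor, which must be fd */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd != fd) {
            if (nfd >= 0) close(nfd);
            return -1;
        }
        repaired++;
    }
    return repaired;
}

/* Constructed scenario: the caller closed stderr before the program ran.
 * Returns the descriptor the program's next open() receives.
 * With harden set, sanitize_std_fds() runs first. */
int fd_of_next_open(int harden)
{
    int saved = dup(2);                   /* keep real stderr to restore later */
    if (saved < 0) return -1;
    close(2);
    if (harden && sanitize_std_fds() < 0) { dup2(saved, 2); close(saved); return -1; }
    int fd = open("/dev/null", O_WRONLY); /* stands in for the program's file */
    if (fd >= 0) close(fd);
    dup2(saved, 2);
    close(saved);
    return fd;
}

int main(void)
{
    if (sanitize_std_fds() < 0) return 1; /* run before opening any file */
    return fd_of_next_open(0) == 2 && fd_of_next_open(1) > 2 ? 0 : 1;
}
```

Without the check the file lands on descriptor 2 and would receive everything written to stderr; with it, the file gets a descriptor above 2.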

Affected products:

OPENBSD:OpenBSD 3.1

OPENBSD:OpenBSD 3.0

OPENBSD:OpenBSD 2.9

FREEBSD:FreeBSD 4.5

SCO:UnixWare 7.1

SCO:Open UNIX 8.0

FREEBSD:FreeBSD 5.0

Original text:

SECURITEAM, [UNIX] Suid Application Execution May Give Local Root http://www.security.nnov.ru/search/document.asp?docid=2823

Patrick Oonk, Pine Internet Advisory: Setuid application execution may give local root in FreeBSD file://localhost/search/document.asp?docid=2826

FREEBSD, Security Advisory FreeBSD-SA-02:23.stdio

fozzy_@_dmpfrance.com, OpenBSD local DoS and root exploit

CALDERA, Security Update: [CSSA-2002-SCO.43] UnixWare 7.1.1 Open UNIX 8.0.0 : closed file descriptor race vulnerability

Related files:

stdio kernel bug in all releases of FreeBSD http://www.security.nnov.ru/files/iosmash.c

Proof-of-concept exploit for the FreeBSD file descriptors bug http://www.security.nnov.ru/files/iosmash2.c


