BugTraq
Multiple OS kernel insecure handling of stdio file descriptor Jan 18 2007 02:21PM
XFOCUS Security Team (security xfocus org) (3 replies)
Re: Multiple OS kernel insecure handling of stdio file descriptor Jan 19 2007 11:19PM
Shiva Persaud (shivapd austin ibm com) (1 replies)
Re: Multiple OS kernel insecure handling of stdio file descriptor Jan 20 2007 05:43PM
eugeny gladkih (john drweb com)
Re: Multiple OS kernel insecure handling of stdio file descriptor Jan 18 2007 09:04PM
Peter Jeremy (peter jeremy alcatel-lucent com au) (1 replies)
Re: Multiple OS kernel insecure handling of stdio file descriptor Jan 20 2007 06:35PM
Carson Gaspar (carson taltos org)
Re: Multiple OS kernel insecure handling of stdio file descriptor Jan 18 2007 06:30PM
3APA3A (3APA3A SECURITY NNOV RU)
Dear XFOCUS Security Team,

A more complicated variant of this vulnerability (exhausting all
available descriptors and closing standard one) was reported by Joost
Pol for BSD systems. It's very funny to see commercial Unix variants
were not checked against it and simplest variant of this attack was not
fixed for 5 years.

See: http://security.nnov.ru/news1956.html

--Thursday, January 18, 2007, 5:21:52 PM, you wrote to full-disclosure (at) lists.grok.org (dot) uk [email concealed]:

XST> The affected OSes allows local users to write to or read from restricted
XST> files by closing the file descriptors 0 (standard input), 1 (standard
XST> output), or 2 (standard error), which may then be reused by a called
XST> setuid process that intended to perform I/O on normal files. the attack
XST> which exploit this vulnerability possibly get root right.

--
~/ZARAZA
http://security.nnov.ru/

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus