[Full-Disclosure] more segfaults on Redhat 6.x when passing "/proc/misc" as a parameter

From: Pekka Savola (pekkas@netcore.fi)
Date: 10/29/02

• Next message: EnGarde Secure Linux: "[Full-Disclosure] [ESA-20021029-027] mod_ssl cross-site scripting vulnerability."
• Previous message: Dr. Peter Bieringer: "[Full-Disclosure] more segfaults on Redhat 6.x when passing "/proc/misc" as a parameter"
• In reply to: Dr. Peter Bieringer: "[Full-Disclosure] more segfaults on Redhat 6.x when passing "/proc/misc" as a parameter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: pekkas@netcore.fi (Pekka Savola)
Date: Tue, 29 Oct 2002 11:51:33 +0200 (EET)

On Tue, 29 Oct 2002, Dr. Peter Bieringer wrote:

> --On Dienstag, 29. Oktober 2002 08:26 +0200 Pekka Savola
> <pekkas@netcore.fi> wrote:
>
> > On Mon, 28 Oct 2002, Day Jay wrote:
> >> Hi, "more" segfaults when you pass "/proc/misc" to it
> >> as a parameter. This happens on my Redhat 6.0 and my
> >> Redhat 6.2 box. More is setuid root. See below:
> > [...]
> >
> > This appears to be very bogus. 'more' is never setuid unless you made it
> > so...
> >
> > I didn't manage to segfaul 'more' on RHL62 box either..
>
> But me here as "root" and as a normal user.
> Using kernel-2.2.22-6.2.2 with openwall patch and libsafe-1.3
> Tested on 2 systems.
>
> BTW: cat and less are ok.

Oh, that's something caused by the kernel upgrade.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

• Next message: EnGarde Secure Linux: "[Full-Disclosure] [ESA-20021029-027] mod_ssl cross-site scripting vulnerability."
• Previous message: Dr. Peter Bieringer: "[Full-Disclosure] more segfaults on Redhat 6.x when passing "/proc/misc" as a parameter"
• In reply to: Dr. Peter Bieringer: "[Full-Disclosure] more segfaults on Redhat 6.x when passing "/proc/misc" as a parameter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Odd server side scripts source disclosure vulnerability ... > And more likely to run on Redhat than any other one... ... Ethical Hacking at the InfoSec Institute. ... with one of our expert instructors. ... learn to write exploits and attack security infrastructure. ... (Pen-Test) Re: Reviewed the rhn code .. RE: Red Hat Network updates ... > We did a brief security review of the Redhat update applications ... Is the code too obscured to carry on security audits? ... > servers must give serious thought to and perhaps reconfigure. ... > components it uses have received considerable review, ... (Focus-Linux) [Full-disclosure] What RedHat doesnt want you to know about ExecShield (without NX) ... Few of you may have seen my comments on the following article in RedHat ... I think the issue deserves more widespread attention among the security ... effort of disinformation for both SELinux and ExecShield. ... where I also comment upon some ExecShield behavior under a non-NX system. ... (Full-Disclosure) Re: Unix runs faster, maybe ... Been security audited by professionals including penetration tests. ... Reality is that RH releases 10-20 *security* patches per ... Notice the 2.1 varient of RedHat is based off the five year old RedHat ... GNU Zebra is a free software that manages TCP/IP ... (comp.os.vms) Re: Woody or Sarge ... New features aren't important at all. ... And with the least amount of effort, where security updates do not break ... RedHat has been a frustrating experience. ... headless servers without user intervention. ... (Debian-User)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint