Re: openbsd 3.4 ps bug

From: Daniel (deadbeat_at_sdf.lonestar.org)
Date: 11/20/03

  • Next message: Dom De Vitto: "RE: openbsd 3.4 ps bug"
    Date: Thu, 20 Nov 2003 17:51:01 +0000 (UTC)
    To: Kurt Seifried <bt@seifried.org>
    
    

    On Thu, 20 Nov 2003, Kurt Seifried wrote:

    > > the gdb it gave me the address 0x1c01c116 in ?? ().I don`t have the
    > > time to confirm if the bug is exploitable or not but it is a big problem
    > > because a user(id 1000+) can also do that.This is a report which will also
    > > be submited in the bugtraq.It is also not confirmed that other versions
    >
    > Yes this creates a core dump. I fail to see how this is exploitable for
    > additional privileges however as ps is not setuid/setgid (simply mode 0555).
    > Can you please enlighten us as to how this is exploitable for additional
    > privileges?
    >
    >
    > Kurt Seifried, kurt@seifried.org
    > A15B BEE5 B391 B9AD B0EF
    > AEB0 AD63 0B4E AD56 E574
    > http://seifried.org/security/

    i didn't see him saying it was exploitable, as he didn't have time
    to look
    into it. yep your right, i dont see how any privledges can be gained from
    this.

    deadbeat


  • Next message: Dom De Vitto: "RE: openbsd 3.4 ps bug"

    Relevant Pages

    • Re: [Full-disclosure] [CVE-2012-0207] Linux IGMP Remote Denial Of Service
      ... BTW you bug is a division by zero and it's here: ... releasing additional research in a hurry like this can only ... right, so why cripple it, thats just silly... ... and, i dont really care a shit who coded it, but, i doubt it was ...
      (Full-Disclosure)
    • Re: Is VB.NET Stable??
      ... I dont know about a web site. ... The Grand Master ... BRING BACK VB6 OR EAT DICK, MICROSOFT ... If there's no bug report, it will take much longer (or make it even ...
      (microsoft.public.dotnet.languages.vb)
    • Re: Japanese text in domain names
      ... and IDN's dont work you may as well report the bug. ... > being discussed only in Opera's beta newsgroup. ...
      (sci.lang.japan)
    • [Full-Disclosure] (no subject)
      ... think you've found a bug in your software, go to the software vendor to ... software dont want to fix the damned thing THEN CHANGE F*CKING BRANDS! ... blackhats dont release their exploits to the rest of the community. ...
      (Full-Disclosure)
    • Re: openoffice 2.0 is crashing
      ... >>Does anyone have an account on their website to submit a bug? ... No, I dont think it is stupid, I just don't have ... > Follow the instructions from jl near the end of the report. ... Oleksandr Korneta -- fedora-list mailing list ...
      (Fedora)