Re: openbsd 3.4 ps bug

From: Daniel (deadbeat_at_sdf.lonestar.org)
Date: 11/20/03

  • Next message: Dom De Vitto: "RE: openbsd 3.4 ps bug"
    Date: Thu, 20 Nov 2003 17:51:01 +0000 (UTC)
    To: Kurt Seifried <bt@seifried.org>
    
    

    On Thu, 20 Nov 2003, Kurt Seifried wrote:

    > > the gdb it gave me the address 0x1c01c116 in ?? ().I don`t have the
    > > time to confirm if the bug is exploitable or not but it is a big problem
    > > because a user(id 1000+) can also do that.This is a report which will also
    > > be submited in the bugtraq.It is also not confirmed that other versions
    >
    > Yes this creates a core dump. I fail to see how this is exploitable for
    > additional privileges however as ps is not setuid/setgid (simply mode 0555).
    > Can you please enlighten us as to how this is exploitable for additional
    > privileges?
    >
    >
    > Kurt Seifried, kurt@seifried.org
    > A15B BEE5 B391 B9AD B0EF
    > AEB0 AD63 0B4E AD56 E574
    > http://seifried.org/security/

    i didn't see him saying it was exploitable, as he didn't have time
    to look
    into it. yep your right, i dont see how any privledges can be gained from
    this.

    deadbeat


  • Next message: Dom De Vitto: "RE: openbsd 3.4 ps bug"