[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround
From: "PERFECT.MATERIAL" <perfect.material@xxxxxxxxx>
Date: Thu, 13 Jul 2006 19:55:10 -0400

Matt Murphy write:

If you actually bothered to read ANY of the vendor advisories on this
issue, you'd know why.  The vulnerability exists because the kernel
DOES NOT VERIFY write permissions to core dump directories.  If your
users actually have write permissions to /etc/cron.d, do the world a
favor and disconnect from the internet as soon as humanly possible.


I think the nigger is calling the kettle a junglebunny here. Do you know
how CHDIR(2) works Matthew Murphy? Try to CHDIR(2) into a directory to
which you do not have execute privileges!!!

PERFECT.MATERIAL

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround
Next by Date: Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround
Previous by thread: [Full-disclosure] rPSA-2006-0122-2 kernel
Next by thread: [Full-disclosure] Looking for any vulnerabilities in GreenBorder Pro - Download please, and let me know
Index(es):
- Date
- Thread