[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor

To: XFOCUS Security Team <security@xxxxxxxxxx>
Subject: Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor
From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
Date: Thu, 18 Jan 2007 21:30:49 +0300

Dear XFOCUS Security Team,

 A  more  complicated  variant  of  this  vulnerability  (exhausting all
 available  descriptors  and closing standard one) was reported by Joost
 Pol  for  BSD  systems. It's very funny to see commercial Unix variants
 were not checked against it and simplest variant of this attack was not
 fixed for 5 years.

 See: http://security.nnov.ru/news1956.html

--Thursday, January 18, 2007, 5:21:52 PM, you wrote to 
full-disclosure@xxxxxxxxxxxxxxxxx:



XST> The affected OSes allows local users to write to or read from restricted
XST> files by closing the file descriptors 0 (standard input), 1 (standard
XST> output), or 2 (standard error), which may then be reused by a called
XST> setuid process that intended to perform I/O on normal files. the attack
XST> which exploit this vulnerability possibly get root right.



-- 
~/ZARAZA
http://security.nnov.ru/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor
  - From: XFOCUS Security Team

Prev by Date: [Full-disclosure] CYBSEC - Security Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow
Next by Date: [Full-disclosure] Vulnerability Disclosure comments
Previous by thread: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor
Next by thread: Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor
Index(es):
- Date
- Thread