Bugtraq: Re: FreeBSD (and other BSDs?) local root explot

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: FreeBSD (and other BSDs?) local root explot

From: root () IHACK NET (Charles M. Hannum)
Date: Fri, 3 Sep 1999 12:06:15 -0400


As of yesterday, the OpenBSD version of fts.c was still susceptible to
at least two bugs that can cause a core dump when FTS_NOCHDIR is used
(e.g. by pax(1)).  Beware if you do backups with pax(1)!

These problems, and others, are fixed in the current NetBSD version.

revision 1.20
date: 1999/08/27 18:01:35;  author: mycroft;  state: Exp;  lines: +16 -10
Fix multiple problems in the FTS_NOCHDIR case:
* There was an off-by-one error that caused the addition of a NUL or
  slash in fts_build() to overwrite other memory.
* After fts_palloc(), we need to reset `cp' so that it points to the
  new path name buffer; otherwise the addition of the file name before
  calling fts_stat() could lose.

By Date By Thread

Current thread:

Re: FreeBSD (and other BSDs?) local root explot Ollivier Robert (Aug 30)
- <Possible follow-ups>
- Re: FreeBSD (and other BSDs?) local root explot Stas Kisel (Sep 01)
- Re: FreeBSD (and other BSDs?) local root explot Charles M. Hannum (Sep 03)