|
Bugtraq
mailing list archives
Re: Linux kernel sysctl() vulnerability
From: Florian Weimer <Florian.Weimer () RUS UNI-STUTTGART DE>
Date: Sat, 10 Feb 2001 10:28:01 +0100
Chris Evans <chris () SCARY BEASTS ORG> writes:
There exists a Linux system call sysctl() which is used to query and
modify runtime system settings. Unprivileged users are permitted to query
the value of many of these settings.
It appears that all current Linux kernel version (2.2.x and 2.4.x) are
vulnerable. Right?
Was it really necessary to release this stuff just before the weekend?
The following trivial patch should fix this issue. (I wonder how you
can audit code for such vulnerabilities. It's probably much easier to
rewrite it in Ada. ;-)
--- sysctl.c 2001/02/10 09:42:12 1.1
+++ sysctl.c 2001/02/10 09:42:26
@@ -1123,7 +1123,7 @@
void *oldval, size_t *oldlenp,
void *newval, size_t newlen, void **context)
{
- int l, len;
+ unsigned l, len;
if (!table->data || !table->maxlen)
return -ENOTDIR;
--
Florian Weimer Florian.Weimer () RUS Uni-Stuttgart DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
 By Date 
By Thread
Current thread:
|
Intro
