Vulnerability Development
mailing list archives
Re: Memory leak in Solaris 2.7 kernel?
From: Blue Boar <BlueBoar () THIEVCO COM>
Date: Sun, 18 Mar 2001 12:14:57 -0800
"Jay D. Dyson" wrote:
> It is by all indications a memory exhaustion attack. I'm going to kill
> off this thread unless someone finds something more pertinent than the
> fact that root can use lots of ram.
>
> Let us not forget that root can also do 3v1l th1ngz with rm.
> If the ls expansion is to be considered a possible vulnerability,
> then we'd best include rm and a host of other standard programs in the
> "hazard list."

Of course, to reverse myself a bit... take a look at the ftpd catfight
on Bugtraq recently over a very similar issue. It uses the same
issue (searching dirs with ..'s, and *'s.) but via the FTPd interface.
That becomes a bit more interesting... and the hole could be considered
to be in the ftpd rather than the OS. The problem is pretty boring
if root has to type the thing to get it to blow... not as boring
if an attacker can get a root process to do it for them remotely.
BB
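
The ftpd case in the message above comes down to a privileged process expanding a client-supplied pattern with no upper bound on the work. The following is an added example, not part of the original post and not taken from any ftpd, showing one way a server could expand such a pattern under fixed budgets; the function name, the limits and the refusal of `..` segments are assumptions chosen for illustration.

```python
import fnmatch
import os
import tempfile


class GlobBudgetExceeded(Exception):
    """Raised when a pattern would cost more than the server allows."""


def bounded_glob(root, pattern, max_visits=10_000, max_matches=1_000):
    """Expand `pattern` under `root`, charging every directory entry examined
    against a budget so one request cannot use unbounded memory or CPU."""
    segments = [s for s in pattern.split("/") if s not in ("", ".")]
    if ".." in segments:
        # Patterns mixing '*' and '..' re-walk the same trees; refuse them.
        raise ValueError("'..' is not allowed in a client-supplied pattern")
    visits = 0
    frontier = [root]
    for depth, seg in enumerate(segments):
        last = depth == len(segments) - 1
        next_frontier = []
        for directory in frontier:
            try:
                entries = os.scandir(directory)
            except OSError:
                continue  # unreadable, vanished, or not a directory
            with entries:
                for entry in entries:
                    visits += 1
                    if visits > max_visits:
                        raise GlobBudgetExceeded("too many entries examined")
                    if not fnmatch.fnmatchcase(entry.name, seg):
                        continue
                    # Only directories can carry a non-final segment forward.
                    if last or entry.is_dir(follow_symlinks=False):
                        next_frontier.append(entry.path)
                        if len(next_frontier) > max_matches:
                            raise GlobBudgetExceeded("too many matches")
        frontier = next_frontier
    return sorted(frontier)


if __name__ == "__main__":
    # Constructed sample tree: three directories with one file each.
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("a", "b", "c"):
            os.makedirs(os.path.join(tmp, name))
            open(os.path.join(tmp, name, "f.txt"), "w").close()
        print(bounded_glob(tmp, "*/*.txt"))
```

The budget is charged per entry examined rather than per match, so a pattern that matches nothing but forces a large walk is still cut off.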