Auto Nice Daemon Format String Vulnerability
27th Nov 2001 [SBWID-4877]

	AND <= 1.0.4


	Guillaume Pelat [] says :

	AND (Auto Nice Daemon) is a daemon which automatically changes the
	priority of a user process if it uses too much CPU time. It can also kill
	the process if it goes beyond a defined level.

	AND is vulnerable to a format string bug. A local user can exploit this
	issue to gain higher privileges on the local system. He only needs to
	run a process with a name containing a format string, like

	The problem occurs when the program calls the syslog(3) function with
	the process name as second parameter. As a user can create a process
	named as he wants, it is easy to exploit this vulnerability.

	Complete exploitation of this vulnerability can lead to a privilege
	escalation on the system. As the AND process runs as 'root', a local
	user could execute arbitrary code with the 'root' privileges.
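	To make the syslog(3) issue concrete, here is an added example that is not code from this advisory or from AND itself: it places the 1.0.4 calling pattern (process name used as the format) beside the fixed pattern (constant "%s" format) and adds a small detection helper for spotting process names that carry conversion directives. It assumes vsnprintf as a stand-in for syslog(3), which formats its message the same way, and the process name "cpu%%hog" is a constructed sample chosen because "%%" is interpreted by a format but writes nothing through memory.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Mirrors the vulnerable call in and.c 1.0.4, syslog(LOG_WARNING, buffer):
 * the process name is the *format* argument, so every '%' directive in it
 * is interpreted. vsnprintf stands in for syslog(3), which formats alike. */
void log_unsafe(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outsz, fmt, ap);   /* fmt is user-controlled here */
    va_end(ap);
}

/* Mirrors the fix, syslog(LOG_WARNING, "%s", buffer): constant format,
 * the process name is only ever consumed as data. */
void log_safe(char *out, size_t outsz, const char *procname)
{
    snprintf(out, outsz, "%s", procname);
}
/* Detection aid: true if a name holds a '%' that a printf-family function
 * would treat as a conversion; a doubled "%%" is a literal percent. */
bool name_has_directive(const char *name)
{
    for (const char *p = name; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {   /* "%%" prints as '%', harmless */
            p++;
            continue;
        }
        return true;         /* any other '%' starts a directive */
    }
    return false;
}

int main(void)
{
    /* Constructed sample name: "%%" is consumed by the unsafe path
     * (printed as one '%') but logged verbatim by the safe path. */
    const char *name = "cpu%%hog";
    char buf[64];
    log_unsafe(buf, sizeof buf, name);
    printf("unsafe: %s\n", buf);   /* cpu%hog */
    log_safe(buf, sizeof buf, name);
    printf("safe  : %s\n", buf);   /* cpu%%hog */
    return 0;
}
```

	The same check can be run over the output of a process listing on a host still running AND 1.0.4 to flag names the daemon would misinterpret.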





	It is simple to create a program that uses a lot of CPU time with a
	special name to exploit this bug :

	  % cat foo.c
	  /* busy loop so that AND notices the process and logs its name */
	  int main()
	  {
	      while (1);
	      return 0;
	  }

	  % gcc foo.c -o %n%n%n%n
	  % ./%n%n%n%n


	This causes a segmentation fault in the AND daemon.



	An official solution is available now. It can be found on the
	following web site; update AND to version 1.0.5 :



	You can also apply the following patch, which fixes the vulnerability :

	  diff -dru and-1.0.4/and.c and-1.0.4-patched/and.c

	  --- and-1.0.4/and.c     Sat Jul  7 21:43:15 2001

	  +++ and-1.0.4-patched/and.c     Fri Nov 23 11:50:27 2001

	  @@ -218,7 +218,7 @@


	       } else {

	         /* write to syslog if in full operations */

	  -      syslog(LOG_WARNING,buffer);

	  +      syslog(LOG_WARNING, \"%s\", buffer);
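	Review bot: The one-line change is the right fix for this call: with `syslog(LOG_WARNING,buffer)` the user-controlled process name in `buffer` is the format argument and any `%` directives in it are interpreted, while `syslog(LOG_WARNING, "%s", buffer)` keeps the format constant and treats the name purely as data. Two things to verify before applying it: the header claims seven lines of context (`@@ -218,7 +218,7 @@`) but only the `} else {`, the comment and the changed line are shown, so the patch as pasted is truncated and will not apply cleanly with patch(1) without the missing context; and this hunk covers a single syslog() call, so confirm that no other syslog()/printf-family call in and.c passes `buffer` (or another string derived from the process name) as its format argument.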





