Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: checkp-1.htm

Checkps 1.2 and earlier can be made to segfault with a buffer overrun



Vulnerability

    checkps

Affected

    checkps 1.2 and earlier

Description

    Duncan  Simpson  found  following.   Crackers  with root can cause
    checkps  to  segfaultt.  (This  could  be  used  to  probe for the
    program).   He  restarted  checkps  devlopement  and  noticed that
    checkps,  his  root  kit  ps  detector  for linux (and others with
    /proc,  albeit  with  less  functionality),  has  a "feature" that
    scriblles beyond the  end of a  buffer in log_emailc  if more then
    10Kb is sent to log() between calls to log_flush().

    This buffer can not be exploited to run arbitary code becuase  all
    you can scrible are messages along he files of "Fake pid  <number>
    detetced". "Hidden pid <number>"  and "{Pid <number>: fd  <number>
    is <...>" for various all  plain text and number values  of <...>.
    Even if you could put shell code in the buffer is allocated on the
    heap amd contains no pointers to anything.

Solution

    Latest version from  CVS.  The  next version will  include the fix
    and linux netstat support.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH