Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Unix :: General :: lsof.txt

Lsof 4.40 and prior allows local users to obtain root privledges.

[ ]

Date: Thu, 18 Feb 1999 01:30:35 +0100
From: "Anthony C . Zboralski" <acz@HERT.ORG>
Subject: [HERT] Advisory #002 Buffer overflow in lsof


- --------------------------------------------------------------
  HERT - Hacker Emergency Response Team -

  Advisory:        #00002
  Title:           lsof
  Date:            17 February 1999
  Summary:         Buffer overflow in lsof version 4.40 and prior
  IMPACT:          Local users may obtain root priviledge.

  Author:          Mariusz Tmoggie Marcinkiewicz <>
  Test Exploit:
- ---------------------------------------------------------------

Copyright (C) 1999 Hacker Emergency Response Team

Permission is granted to reproduce and distribute HERT advisories in their
entirety, provided the HERT PGP signature is included and provided the alert is used for noncommercial purposes and with the intent of increasing the aware-
ness of the Internet community.

This advisory is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of

1. Background:

   lsof - list open files
   Lsof lists information about files opened by processes for most
   UNIX dialects.

   When lsof is setuid-root or setgid kmem, it is vulnerable to a buffer
   overflow that will lead to direct root compromise or root compromise
   thru live kernel patching.

   The paradox is that lsof is a great security tool for administrators and
   we encourage its uses as long as it is NOT setuid-root or setgid.

   Test exploit code for this vulnerability was developped by
   and will be made available to lsof author, HERT collaborators, sponsors
   and partners.

2. Distributions known to be affected.

   OpenBSD 2.4's ports facility retrieves and builds lsof package setgid kmem.
   FreeBSD's ports facility retrieves and builds lsof package setgid kmem.
   SuSe Linux ships lsof setgid kmem.
   Debian GNU/Linux 2.0 ships lsof setgid kmem.
   Redhat Linux 5.2 ships lsof setgid kmem.

3. Recommendations


     chmod 0755 lsof

To subscribe to the HERT Alert mailing list, email
with subscribe in the body of the message.

Contact for more information.
The HERT PGP public key is available at

To report a vulnerability:

We would like to thank the individuals who donates some of their time to HERT.

HERT is a non-profit international organisation based in France.
If you wish to join the HERT effort please send a note to
- --
Please respect the privacy of this mailing list.
To UNSUBSCRIBE, email to
with "unsubscribe" in the body. Trouble? Contact

Version: 2.6.3ia
Charset: latin1



Date: Thu, 18 Feb 1999 07:10:47 -0500
From: Vic Abell <abe@PURDUE.EDU>
Subject: Re: [HERT] Advisory #002 Buffer overflow in lsof

I would have appreciated the courtesy of an advance notice that this problem
had been discovered.  5 minutes after I learned of it *third-hand* via
DejaNews this patch was available and announced to the lsof-l mailing list:

Vic Abell <>, lsof author

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH