[CentOS] Serious attack vector on pkcheck ignored by Red Hat
Leonard den Ottolander
leonard at den.ottolander.nl
Thu Feb 2 14:22:16 UTC 2017
- Previous message: [CentOS] CentOS-announce Digest, Vol 144, Issue 1
- Next message: [CentOS] Serious attack vector on pkcheck ignored by Red Hat
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Based on an article that was mentioned on this list, https://googleprojectzero.blogspot.nl/2014/08/the-poisoned-nul-byte-2014-edition.html, I found two attacker-controlled memory leaks in the option parsing of pkcheck.c. These memory leaks allow a local attacker to "spray the heap", i.e. initialize large parts of the heap before launching his attack.

The original attack uses a setuid binary, because the author "is giving himself a break". However, the fact that the binary in the example is setuid is orthogonal to the fact that heap spraying is a very serious attack vector.

Bug reports are filed but closed WONTFIX. I think this is a mistake, so I would hope people could weigh in on this.

https://bugs.freedesktop.org/show_bug.cgi?id=99626
https://bugzilla.redhat.com/show_bug.cgi?id=1418278
https://bugzilla.redhat.com/show_bug.cgi?id=1418287

Thanks for your interest.

Regards, Leonard.

--
mount -t life -o ro /dev/dna /genetic/research