Bug 1235 - There has been a security exploit reported against LSOF
Product: Red Hat Linux
Classification: Retired
Component: lsof
All Linux
medium Severity medium
Assigned To: David Lawrence
: Security
Reported: 1999-02-18 18:27 EST by Chris Siebenmann
Modified: 2008-05-01 11:37 EDT
Doc Type: Bug Fix
Last Closed: 1999-02-19 11:04:30 EST
Description Chris Siebenmann 1999-02-18 18:27:09 EST
BUGTRAQ has recently carried a report of a security
exploit against all current versions of LSOF up to and
including 4.40. Vic Abell, the author of LSOF, has
released a patch for it, in (email) message-id
on BUGTRAQ (with the subject 'Re: [HERT] Advisory #002
Buffer overflow in lsof'); the patch itself is at
(for lsof 4.40, clearly).
The original report of the problem was message-id
<19990218013035.B4950@red.blood.int> on BUGTRAQ and is
available at
although it doesn't give any details.

(hopefully Bugzilla will preserve the angle brackets in
those message-ids)
Comment 1 Bill Nottingham 1999-02-18 19:52:59 EST
/dev/kmem under Linux is read-only, so it is not
vulnerable to a root compromise.
Comment 2 Chris Siebenmann 1999-02-19 03:27:59 EST
It's not clear to me if read access to kmem (apparently obtainable
through the lsof exploit on RedHat 5.2, since lsof is setgid kmem
and /dev/kmem is group-readable for kmem) can be used to do evil
things. RedHat might want to look into the situation and make a
statement one way or another. (Or it might be simpler and less time
consuming to just release new lsof RPMs built from 4.40 + Vic's
Comment 3 Jeff Johnson 1999-02-19 11:04:59 EST
The immediate fix is
	chmod g-s /usr/sbin/lsof
An updated errata of lsof-4.40 with Vic Abell's patch will be issued
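
A way to check for the condition discussed in Comment 2 and to confirm the mitigation from Comment 3, as an added example that is not part of the original bug report. It assumes GNU coreutils `stat` (Linux); the function name `check_setgid_exposure` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the bug report. Assumes GNU coreutils stat.
#
# check_setgid_exposure BINARY DEVICE   (hypothetical helper name)
# Prints one status word and returns a matching exit code:
#   0 mitigated     BINARY is not setgid (state after "chmod g-s")
#   1 exposed       BINARY is setgid to DEVICE's group and DEVICE is
#                   group-readable (the setgid-kmem situation in Comment 2)
#   2 setgid-other  BINARY is setgid, but that group cannot read DEVICE
#   3 missing       BINARY or DEVICE does not exist
check_setgid_exposure() {
    cse_bin=$1
    cse_dev=$2

    if [ ! -e "$cse_bin" ] || [ ! -e "$cse_dev" ]; then
        echo missing
        return 3
    fi

    # test -g is true when the set-group-ID bit is set on the file.
    if [ ! -g "$cse_bin" ]; then
        echo mitigated
        return 0
    fi

    cse_bin_gid=$(stat -c %g "$cse_bin")   # numeric group of the binary
    cse_dev_gid=$(stat -c %g "$cse_dev")   # numeric group of the device
    # %A prints e.g. "crw-r-----"; the 5th character is the group-read bit.
    cse_group_read=$(stat -c %A "$cse_dev" | cut -c5)

    if [ "$cse_bin_gid" = "$cse_dev_gid" ] && [ "$cse_group_read" = r ]; then
        echo exposed
        return 1
    fi

    echo setgid-other
    return 2
}

# Paths as named in this bug; prints "missing" where they do not exist.
check_setgid_exposure /usr/sbin/lsof /dev/kmem || true
```
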