Debian Security Advisory

lsof -- Buffer overflow in lsof

Date Reported:
20 Feb 1999
Affected Packages:
lsof
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-1999-0405.
More information:
When lsof is installed setuid-root or setgid kmem, it is vulnerable to a buffer overflow that could lead to direct root compromise or to root compromise through live kernel patching.

This SecurityFocus archive posting from hert.org emphasizes that lsof should not be setuid-root or setgid.
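
A way to check a system for the install modes described above, as an added example that is not part of the advisory or of the lsof package. The function names check_setid and clear_setid are hypothetical, and /usr/bin/lsof in the usage comment is an assumed install path.

```shell
#!/bin/sh
# Added example: audit a binary for the install modes named in the advisory
# (setuid-root or setgid kmem).
# Usage (path is an assumption): check_setid /usr/bin/lsof

# check_setid PATH
#   Prints one finding per line. Returns 0 if no set-id bit is present,
#   1 if the file is setuid or setgid, 2 if the path does not exist.
check_setid() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "missing: $f"
        return 2
    fi
    # -L follows symlinks so the owner/group shown match what -u/-g test.
    owner=$(ls -ldL -- "$f" | awk 'NR==1 {print $3}')
    group=$(ls -ldL -- "$f" | awk 'NR==1 {print $4}')
    rc=0
    if [ -u "$f" ]; then
        note=""
        [ "$owner" = root ] && note=" (setuid-root, as in the advisory)"
        echo "setuid owner=$owner$note: $f"
        rc=1
    fi
    if [ -g "$f" ]; then
        note=""
        [ "$group" = kmem ] && note=" (setgid kmem, as in the advisory)"
        echo "setgid group=$group$note: $f"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok, no set-id bits: $f"
    return "$rc"
}

# clear_setid PATH
#   Drops the setuid and setgid bits and leaves the other mode bits alone.
clear_setid() {
    chmod u-s,g-s -- "$1"
}
```

Without the set-id bits, lsof runs with the caller's own privileges, so unprivileged users see less output; a package upgrade may also restore the original mode, so the check is worth repeating after upgrades.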

Fixed in:
Source:
http://ftp.debian.org/debian/dists/proposed-updates/lsof_4.37-3.dsc
http://ftp.debian.org/debian/dists/proposed-updates/lsof_4.37-3.diff.gz
http://ftp.debian.org/debian/dists/proposed-updates/lsof_4.37.orig.tar.gz
i386:
http://ftp.debian.org/debian/dists/proposed-updates/lsof-2.0.35_4.37-3_i386.deb
m68k:
http://ftp.debian.org/debian/dists/proposed-updates/lsof-2.0.36_4.37-3_m68k.deb