Debian Security Advisory
lsof -- Buffer overflow in lsof
- Date Reported:
- 20 Feb 1999
- Affected Packages:
- lsof
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-1999-0405.
- More information:
- When lsof is setuid-root or setgid kmem, it is vulnerable
to a buffer overflow that could lead to direct root compromise or root
compromise thru live kernel patching.
This Securityfocus archive posting from hert.org, emphasizes that lsof should not be setuid-root or setgid.
- Fixed in:
-
- Source:
- http://ftp.debian.org/debian/dists/proposed-updates/lsof_4.37-3.dsc
- http://ftp.debian.org/debian/dists/proposed-updates/lsof_4.37-3.diff.gz
- http://ftp.debian.org/debian/dists/proposed-updates/lsof_4.37.orig.tar.gz
- http://ftp.debian.org/debian/dists/proposed-updates/lsof_4.37-3.diff.gz
- i386:
- http://ftp.debian.org/debian/dists/proposed-updates/lsof-2.0.35_4.37-3_i386.deb
- m68k:
- http://ftp.debian.org/debian/dists/proposed-updates/lsof-2.0.36_4.37-3_m68k.deb