#152 [CVE-2012-0698] DoS against tcsd

Bug
closed-fixed
TCS Daemon (25)
5
2012-09-25
2012-01-13
No

The attached python script will cause tcsd to segfault.

In general, there is a lot of input validation missing all over trousers.

If this isn't fixed soon, I'll probably disclose it somewhere else, too. In the mean time, I will notify some distros.

Discussion

  • Andy Lutomirski

    Andy Lutomirski - 2012-01-13

    Exploit

     
  • Andy Lutomirski

    Andy Lutomirski - 2012-01-13

    I think that at least UnloadBlob_PCR_EVENT has a similar remotely exploitable bug.

     
  • Andy Lutomirski

    Andy Lutomirski - 2012-01-14

    This is CVE-2012-0698

     
  • Andy Lutomirski

    Andy Lutomirski - 2012-01-14
    • summary: DoS against tcsd --> [CVE-2012-0698] DoS against tcsd
     
  • Rajiv Andrade

    Rajiv Andrade - 2012-01-16

    Fix is on its way.

     
  • Rajiv Andrade

    Rajiv Andrade - 2012-01-17

    By the way, none of these are 'exploitable', since the daemon runs unprivileged.

     
  • Andy Lutomirski

    Andy Lutomirski - 2012-04-24

    I may play around and see if I can still easily exploit it. I find this code to be rather scary.

     
  • Kent Yoder

    Kent Yoder - 2012-09-25
    • status: open --> closed-fixed
     
  • Kent Yoder

    Kent Yoder - 2012-09-25

    Hi Andy, I'd be interested to hear of any more exploits you've found. Try 0.3.10, I've added a bit of hardening to it over 0.3.9. For now I'll close this bug but if you find anything please do reopen it.

    Kent

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks