Hi Andy, I'd be interested to hear of any more exploits you've found. Try 0.3.10, I've added a bit of hardening to it over 0.3.9. For now I'll close this bug but if you find anything please do reopen it.
Kent
Exploit
I think that at least UnloadBlob_PCR_EVENT has a similar remotely exploitable bug.
This is CVE-2012-0698
Fix is on its way.
This commit solves the reported issue:
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commit;h=50dd06a6f639b76b3bb629606ef71b2dc5407601
I'll leave it open for now awaiting internal review and reporter's acknowledgment.
Thanks
By the way, none of these are 'exploitable', since the daemon runs unprivileged.
I may play around and see if I can still easily exploit it. I find this code to be rather scary.