#152 [CVE-2012-0698] DoS against tcsd

Bug
closed-fixed
TCS Daemon (25)
5
2012-09-25
2012-01-13
No

The attached python script will cause tcsd to segfault.

In general, there is a lot of input validation missing all over trousers.

If this isn't fixed soon, I'll probably disclose it somewhere else, too. In the meantime, I will notify some distros.

Discussion

  • Andy Lutomirski

    Andy Lutomirski - 2012-01-13

    Exploit

     
    Attachments
  • Andy Lutomirski

    Andy Lutomirski - 2012-01-13

    I think that at least UnloadBlob_PCR_EVENT has a similar remotely exploitable bug.

     
  • Andy Lutomirski

    Andy Lutomirski - 2012-01-14

    This is CVE-2012-0698

     
  • Andy Lutomirski

    Andy Lutomirski - 2012-01-14
    • summary: DoS against tcsd --> [CVE-2012-0698] DoS against tcsd
     
  • Rajiv Andrade

    Rajiv Andrade - 2012-01-16

    Fix is on its way.

     
  • Rajiv Andrade

    Rajiv Andrade - 2012-01-17

    By the way, none of these are 'exploitable', since the daemon runs unprivileged.

     
  • Andy Lutomirski

    Andy Lutomirski - 2012-04-24

    I may play around and see if I can still easily exploit it. I find this code to be rather scary.

     
  • Kent Yoder

    Kent Yoder - 2012-09-25
    • status: open --> closed-fixed
     
  • Kent Yoder

    Kent Yoder - 2012-09-25

    Hi Andy, I'd be interested to hear of any more exploits you've found. Try 0.3.10, I've added a bit of hardening to it over 0.3.9. For now I'll close this bug but if you find anything please do reopen it.

    Kent

     
