On Sat, 18 Apr 2020 at 23:45, Hiisi <hiisi@xxxxxxxxxxxxxxxxx> wrote:
On Sat, Apr 18, 2020 at 12:44 PM Samuel Sieb <samuel@xxxxxxxx> wrote:
>
> Are you sure that's a binary? That looks more like a script of some
> sort. What does "file wnprun/bin/witnotp" say?
You are right. It's a script actually:
workspace/tmp/jake/wnprun/bin/witnotp: Bourne-Again shell script,
ASCII text executable
The line that causes the error is:
wnp_dir=`netfsname $wnp_dir`
Maybe I will play with it, trying to substitute those outdated bash
commands. What would be your guess for netfsname?
Do you know when the software was used?
Maybe a tool for Acorn NetFS, which now redirects to Econet on Wikipedia.
See: https://www.exploit-db.com/exploits/15704 for an exploit and note that
"RedHat does not support Econet by default".
* CVE-2010-3849
* -------------
* This is a NULL pointer dereference in the Econet protocol. By itself, it's
* fairly benign as a local denial-of-service. It's a perfect candidate to
* trigger the above issue, since it's reachable via sock_no_sendpage(), which
* subsequently calls sendmsg under KERNEL_DS.
*
* CVE-2010-3850
* -------------
* I wouldn't be able to reach the NULL pointer dereference and trigger the
* OOPS if users weren't able to assign Econet addresses to arbitrary
* interfaces due to a missing capabilities check.
*
* In the interest of public safety, this exploit was specifically designed to
* be limited:
*
* * The particular symbols I resolve are not exported on Slackware or Debian
* * Red Hat does not support Econet by default
* * CVE-2010-3849 and CVE-2010-3850 have both been patched by Ubuntu and
* Debian
*
* However, the important issue, CVE-2010-4258, affects everyone, and it would
* be trivial to find an unpatched DoS under KERNEL_DS and write a slightly
* more sophisticated version of this that doesn't have the roadblocks I put in
* to prevent abuse by script kiddies.
*
* Tested on unpatched Ubuntu 10.04 kernels, both x86 and x86-64.
You might try installing Ubuntu 10.04 in a VM. The University of Utah has a
large collection of VMs and might be able to help, but "netfsname" doesn't
appear in https://www.math.utah.edu/~beebe/unix/unix-commands.html . They
may not be installing old network software. They do have
George N. White III