On Sat, 18 Apr 2020 at 23:45, Hiisi <hi...@fedoraproject.org> wrote:

> On Sat, Apr 18, 2020 at 12:44 PM Samuel Sieb <sam...@sieb.net> wrote:
> >
> > Are you sure that's a binary? That looks more like a script of some
> > sort. What does "file wnprun/bin/witnotp" say?
>
> You are right. It's a script actually:
> workspace/tmp/jake/wnprun/bin/witnotp: Bourne-Again shell script,
> ASCII text executable
>
> The line that causes the error is:
> wnp_dir=`netfsname $wnp_dir`
> Maybe I will play with it trying to substitute those outdated bash
> commands. What would be your guess for netfsname?

Do you know when the software was used? Maybe a tool for Acorn NetFS
<https://en.wikipedia.org/w/index.php?title=Acorn_NetFS&redirect=no>,
which now redirects to Econet <https://en.wikipedia.org/wiki/Econet#NFS>
on Wikipedia.

"Support for Econet was removed from the Linux kernel
<https://en.wikipedia.org/wiki/Linux_kernel> at version 3.5 in 2012"

See: https://www.exploit-db.com/exploits/15704 for an exploit and note
that "RedHat does not support Econet by default".

 * CVE-2010-3849
 * -------------
 * This is a NULL pointer dereference in the Econet protocol. By itself, it's
 * fairly benign as a local denial-of-service. It's a perfect candidate to
 * trigger the above issue, since it's reachable via sock_no_sendpage(), which
 * subsequently calls sendmsg under KERNEL_DS.
 *
 * CVE-2010-3850
 * -------------
 * I wouldn't be able to reach the NULL pointer dereference and trigger the
 * OOPS if users weren't able to assign Econet addresses to arbitrary
 * interfaces due to a missing capabilities check.
 *
 * In the interest of public safety, this exploit was specifically designed to
 * be limited:
 *
 *  * The particular symbols I resolve are not exported on Slackware or Debian
 *  * Red Hat does not support Econet by default
 *  * CVE-2010-3849 and CVE-2010-3850 have both been patched by Ubuntu and
 *    Debian
 *
 * However, the important issue, CVE-2010-4258, affects everyone, and it would
 * be trivial to find an unpatched DoS under KERNEL_DS and write a slightly
 * more sophisticated version of this that doesn't have the roadblocks I put in
 * to prevent abuse by script kiddies.
 *
 * Tested on unpatched Ubuntu 10.04 kernels, both x86 and x86-64.

You might try installing Ubuntu 10.04
<http://old-releases.ubuntu.com/releases/10.04.0/> in a VM. The
University of Utah has a large collection of VMs and might be able to
help, but "netfsname" doesn't appear in
https://www.math.utah.edu/~beebe/unix/unix-commands.html . They may not
be installing old network software.

They do have
ftp://ftp.math.utah.edu/pub/mirrors/ftp.redhat.com/pub/redhat/linux/8.0/en/iso/i386/
ftp://ftp.math.utah.edu/pub/mirrors/ftp.redhat.com/pub/redhat/linux/9/en/iso/i386/

--
George N. White III