
> The vulnerability is caused by the fact that atop always tries to connect to the TCP port of 'atopgpud' during initialization. When another local program has been started (instead of 'atopgpud') that listens to this TCP port, atop connects to that program. Such a program is then able to send unexpected strings that may lead to parsing failures in atop. These failures result in heap problems and segmentation faults.

Okay, so, if I have a shell and the rights to listen on a host, I can crash the "atop" of other users? That's it? I could also create a fork bomb, fill up the disk, use all CPU and memory, etc...
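The advisory quoted above boils down to a trust problem: atop connects to whatever happens to be listening on the atopgpud port, so a defender's first check is "who owns that listener?". The following is an added example written for this thread, not code from atop or from the advisory: it parses the Linux `/proc/net/tcp` table and reports any LISTEN socket on the port that is not owned by an allowed UID. The port number `59123` is an assumption about the atopgpud default and should be checked against the local atop configuration; the sample table embedded below is constructed for the example.

```python
"""Report unexpected owners of a local TCP listener by parsing /proc/net/tcp.

Added example for the atop/atopgpud discussion; not atop's own code.
"""
import socket
import struct
from typing import Iterable, List, Tuple

# Assumption: default port used by atopgpud. Verify against your installation.
ATOPGPUD_PORT = 59123
LISTEN_STATE = "0A"  # /proc/net/tcp state code for LISTEN

# Constructed sample of /proc/net/tcp: one unprivileged listener (uid 1000)
# on the atopgpud port, and root's sshd on port 22 for contrast.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:E6F3 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
"""

Listener = Tuple[str, int, int, int]  # (local_ip, local_port, uid, inode)


def parse_proc_net_tcp(text: str) -> List[Listener]:
    """Return every LISTEN socket in a /proc/net/tcp dump as (ip, port, uid, inode)."""
    listeners: List[Listener] = []
    for line in text.splitlines()[1:]:  # first row is the column header
        parts = line.split()
        if len(parts) < 10:
            continue  # malformed or truncated row; skip rather than crash
        local, state, uid, inode = parts[1], parts[3], parts[7], parts[9]
        if state != LISTEN_STATE:
            continue
        ip_hex, port_hex = local.split(":")
        # The IPv4 address is written as a host-order 32-bit hex value;
        # on little-endian hosts unpacking it with "<I" yields dotted form.
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        listeners.append((ip, int(port_hex, 16), int(uid), int(inode)))
    return listeners


def unexpected_listeners(text: str, port: int,
                         allowed_uids: Iterable[int] = (0,)) -> List[Listener]:
    """Listeners on `port` whose owning UID is not in `allowed_uids`."""
    allowed = set(allowed_uids)
    return [l for l in parse_proc_net_tcp(text) if l[1] == port and l[2] not in allowed]


def check_live_system(port: int = ATOPGPUD_PORT) -> List[Listener]:
    """Run the check against the real /proc/net/tcp (Linux only)."""
    with open("/proc/net/tcp", encoding="ascii") as fh:
        return unexpected_listeners(fh.read(), port)


if __name__ == "__main__":
    for ip, port, uid, inode in unexpected_listeners(SAMPLE_PROC_NET_TCP, ATOPGPUD_PORT):
        print(f"WARNING: {ip}:{port} is held by uid {uid} (socket inode {inode})")
```

Run as a script it prints a warning for the constructed uid 1000 listener; on a real host, call `check_live_system()` and resolve the reported inode to a PID via `/proc/*/fd` if you need the process name. The parser deliberately skips short rows instead of indexing blindly, which is the same robustness the advisory says atop's own parser lacked when handed unexpected input.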




Not the same thing at all if atop runs as root and you are a user on that system that has no root access. With a well-prepared exploit you could achieve code execution as root. That's a bit more than a simple Denial of Service by filling up the disk.


I think the concern is for privilege escalation.




