Re: AIX 4.2 dtterm exploit

Darren Moffat (Darren.Moffat@UK.Sun.COM)
Tue, 20 May 1997 22:34:49 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Aleph One: "Re: export USER="root""
Previous message: Joel Murphy: "Re: UNIX domain socket (Solarisx86 2.5)"
Maybe in reply to: Georgi Guninski: "AIX 4.2 dtterm exploit"
Next in thread: Bollinger: "Re: AIX 4.2 dtterm exploit"

> Approved-By: aleph1@UNDERGROUND.ORG
> X-MSMail-Priority: Normal
> X-Priority: 3
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Date: Tue, 20 May 1997 17:10:52 +0300
> From: Georgi Guninski <guninski@HOTMAIL.COM>
> Subject: AIX 4.2 dtterm exploit
> To: BUGTRAQ@NETSPACE.ORG
>
> There is a buffer overflow in /usr/dt/bin/dtterm and/or in libXt which
> spawns a root shell.
>
> Solution: #chmod -s /usr/dt/bin/dtterm ; dtterm seems to continue working.
>
> Tested on AIX 4.2 RS/6000 box.
>
> /*----cut here---------
> AIX 4.2,(others?) dtterm exploit by Georgi Guninski

Solaris 2.x runing CDE is not likely to be vulnerable since dtterm is not
setuid root.

--
Darren J Moffat

Next message: Aleph One: "Re: export USER="root""
Previous message: Joel Murphy: "Re: UNIX domain socket (Solarisx86 2.5)"
Maybe in reply to: Georgi Guninski: "AIX 4.2 dtterm exploit"
Next in thread: Bollinger: "Re: AIX 4.2 dtterm exploit"