Re: xterm exploit as promised...

Chris Sheldon (csh@VIEWGRAPHICS.COM)
Tue, 27 May 1997 19:54:14 -0700

> To test the extent of this, compile the following program and run it
> with various X suid programs as parameters. If you get a segmentation
> fault or bus error, then you are potentially vulnerable.
>
> On Solaris:
>
> maxx:~/tmp ->./testx /usr/dt/bin/dtprintinfo
> zsh: bus error ./testx /usr/dt/bin/dtprintinfo
> maxx:~/tmp ->./testx /usr/dt/bin/dtaction
> zsh: bus error ./testx /usr/dt/bin/dtaction

More Solaris:
% uname -a
SunOS unix 5.5.1 Generic_103640-08 sun4m sparc SUNW,SPARCstation-20
% ./xx /usr/local/X11R6.1/bin/xterm
Bus Error

This xterm is from the X11R6.1 package which I picked up at:
ftp://sunsite.unc.edu/pub/solaris/sparc/X11R6.1.SPARC.Solaris.2.5.pkg.tgz
(Note: X11R6.3 has been available in package format since March 28)

For Linux/Slackware-3.1:
% uname -a
Linux xwing 2.0.0 #5 Fri Feb 21 13:01:20 PST 1997 i486
% /tmp/xx /usr/X11/bin/xload
Segmentation fault
% /tmp/xx /usr/X11/bin/xlock
Segmentation fault
% /tmp/xx /usr/X11/bin/xterm
Segmentation fault

Linux Slackware distribution from ftp.cdrom.com:/pub/linux/slackware

Regards,
Chris.