Re: xterm exploit as promised...
Anthony C. Zboralski (frantic@SCT.FR)
Wed, 28 May 1997 11:09:45 +0200
>
> For Linux/Slackware-3.1
> % uname -a
> Linux xwing 2.0.0 #5 Fri Feb 21 13:01:20 PST 1997 i486
> % /tmp/xx /usr/X11/bin/xload
> Segmentation fault
> % /tmp/xx /usr/X11/bin/xlock
> Segmentation fault
> % /tmp/xx /usr/X11/bin/xterm
> Segmentation fault
>
> Linux Slackware distribution from ftp.cdrom.com:/pub/linux/slackware
>
> Regards,
> Chris.
>
$ cat /etc/redhat-release
release 4.1 (Vanderbilt)
$ uname -a
Linux turing.imm.net 2.0.30 #3 Sat Apr 26 22:55:36 MET DST 1997 i686
$ find /usr/X11R6 -perm +6000 -exec ls -l {} \;
-rws--x--x 1 root root 144868 Feb 13 03:49 /usr/X11R6/bin/xterm
-rws--x--x 1 root root 159472 Nov 20 1996 /usr/X11R6/bin/kterm
-rwsr-xr-x 1 root bin 710284 Feb 19 07:54 /usr/X11R6/bin/Xmetro
-r-sr-xr-x 1 root root 10464 Dec 19 01:01 /usr/X11R6/bin/XConsole
-rwsr-xr-x 1 root root 53464 Jan 31 23:16 /usr/X11R6/bin/rxvt
-rwxr-sr-x 1 root uucp 98364 Nov 21 1996 /usr/X11R6/bin/seyon
-rwxr-sr-x 1 root daemon 181436 Nov 20 1996 /usr/X11R6/bin/xbill
-rws--x--x 1 root root 136504 Nov 20 1996 /usr/X11R6/bin/nxterm
-rwsr-xr-x 1 root bin 477408 Aug 16 1996 /usr/X11R6/lib/X11/AcceleratedX/arch/LINUX/Xaccel
$ ./testx /usr/X11R6/bin/xterm
Segmentation fault
$ ./testx /usr/X11R6/bin/kterm
^[[ASegmentation fault
$ ./testx /usr/X11R6/bin/XConsole
Segmentation fault
$ ./testx /usr/X11R6/bin/rxvt
rxvt: bad option "-xrm"
rxvt: bad option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa$
[spam]
Usage v2.19:
rxvt [-help]
[-display displayname] [-geometry geom] [-/+rv] [-bg color] [-fg color]
[-fn fontname] [-iconic] [-name string] [-title string] [-n string]
[-cr color] [-/+ls] [-/+sb] [-sl number] [-/+ut] [-/+vb] [-C]
[-e command arg ...]
$ ./testx /usr/X11R6/bin/seyon
>> Warning: Could not execute `seyon-emu.
>> Notice: Falling to `xterm'.
>> Error: Could not execute `xterm'.
>> Notice: Giving up.
$ ./testx /usr/X11R6/bin/xbill
Segmentation fault
$ ./testx /usr/X11R6/bin/nxterm
Segmentation fault
Maybe more people should apply the GNU coding standard, we'll have less buffer overflow problems.
Anthony
--
Anthony C. Zboralski ACZ3 <frantic@sct.fr>
KeyID 1024/ED8D8A39
Key fingerprint = C5 27 9A 0C 56 30 10 F9 9D 54 EE DB 2C 14 2A 78