Re: AIX 4.2 dtterm exploit

Darren Moffat (Darren.Moffat@UK.Sun.COM)
Tue, 20 May 1997 22:34:49 +0100

> Date: Tue, 20 May 1997 17:10:52 +0300
> From: Georgi Guninski <guninski@HOTMAIL.COM>
> Subject: AIX 4.2 dtterm exploit
> To: BUGTRAQ@NETSPACE.ORG
>
> There is a buffer overflow in /usr/dt/bin/dtterm and/or in libXt which
> spawns a root shell.
>
> Solution: #chmod -s /usr/dt/bin/dtterm ; dtterm seems to continue working.
>
> Tested on AIX 4.2 RS/6000 box.
>
> /*----cut here---------
> AIX 4.2,(others?) dtterm exploit by Georgi Guninski

Solaris 2.x running CDE is not likely to be vulnerable since dtterm is not
setuid root.

--
Darren J Moffat
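
Added example, not part of the original thread: a POSIX shell check for the condition both messages turn on, whether a binary such as /usr/dt/bin/dtterm carries the set-uid bit and is owned by root. The function names, the --demo flag and the scratch files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: review set-uid/set-gid files before and after "chmod -s".

# list_setid DIR: long listing (numeric owner) of every regular file under
# DIR that has the set-uid (4000) or set-gid (2000) bit set.
list_setid() {
    [ -d "$1" ] || { echo "list_setid: not a directory: $1" >&2; return 2; }
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ln {} +
}

# is_setuid_root FILE: succeeds only when FILE is a regular file that is
# set-uid AND owned by uid 0. An overflow in such a binary runs with root
# privileges; in a binary without the bit it runs as the invoking user.
is_setuid_root() {
    [ -n "$(find "$1" -prune -type f -perm -4000 -user 0 -print 2>/dev/null)" ]
}

# demo: constructed sample input in a scratch directory. Shows the listing
# before and after clearing the bit (the thread's "chmod -s" also clears
# set-gid; "u-s" is used here to touch only set-uid).
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/suid_demo"
    : > "$d/plain_demo"
    chmod 4755 "$d/suid_demo"
    chmod 0755 "$d/plain_demo"
    echo "before:"; list_setid "$d"
    chmod u-s "$d/suid_demo"
    echo "after:";  list_setid "$d"
    rm -rf "$d"
}

# Usage: script --demo | script DIR   (no arguments: define functions only)
case "${1:-}" in
    "")     ;;
    --demo) demo ;;
    *)      list_setid "$1" ;;
esac
```

Run it with a directory such as /usr/dt/bin to see which files would be affected before removing any bits.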