Bugtraq mailing list archives
Re: xterm exploit as promised...
From: csh () VIEWGRAPHICS COM (Chris Sheldon)
Date: Tue, 27 May 1997 19:54:14 -0700
To test the extent of this, compile the following program and run it with various X suid programs as parameters. If you get a segmentation fault or bus error, then you are potentially vulnerable. On solaris: maxx:~/tmp ->./testx /usr/dt/bin/dtprintinfo zsh: bus error ./testx /usr/dt/bin/dtprintinfo maxx:~/tmp ->./testx /usr/dt/bin/dtaction zsh: bus error ./testx /usr/dt/bin/dtaction
More Solaris: % uname -a SunOS unix 5.5.1 Generic_103640-08 sun4m sparc SUNW,SPARCstation-20 % ./xx /usr/local/X11R6.1/bin/xterm Bus Error This xterm is from the X11R6.1 package which I picked up at: ftp://sunsite.unc.edu/pub/solaris/sparc/X11R6.1.SPARC.Solaris.2.5.pkg.tgz (Note: X11R6.3 has been available in package format since March 28) For Linux/Slackware-3.1 % uname -a Linux xwing 2.0.0 #5 Fri Feb 21 13:01:20 PST 1997 i486 % /tmp/xx /usr/X11/bin/xload Segmentation fault % /tmp/xx /usr/X11/bin/xlock Segmentation fault % /tmp/xx /usr/X11/bin/xterm Segmentation fault Linux Slackware distribution from ftp.cdrom.com:/pub/linux/slackware Regards, Chris.
Current thread:
- xterm exploit as promised... David Hedley (May 27)
- <Possible follow-ups>
- Re: xterm exploit as promised... Chris Sheldon (May 27)
- Re: xterm exploit as promised... Anthony C. Zboralski (May 28)
- X11R6 resource manager buffer overflow.... David Hedley (May 28)
- interesting bug? in Irix 6.3 David Hedley (May 28)