Bugtraq mailing list archives
Re: Quake 2 Linux 3.13 (and lower) allow users to read arbitrary
From: fluffy () DUNADAN COM (William T Wilson)
Date: Wed, 25 Feb 1998 14:52:15 -0500
On Wed, 25 Feb 1998 kevingeo () CRUZIO COM wrote:
Vulnerable: Everyone who followed the installation instructions and made Quake2 setuid root.
To the best of my knowledge, Quake2 suffers from the same bug that squake suffers from. You can use the -gamedir option (or its quake 2 equivalent) to make squake cough up a root shell using a standard buffer overflow exploit. I don't believe Zoid altered this for quake 2. I don't think he cares about security at all. I wouldn't install anything of Zoid's setuid root without making it group-owned by a trusted group and mode 4750. This new exploit of yours even allows you to do evil things with Zoidware even if it is installed with a wrapper. :\ (Unless you want to make your wrapper check all the file permissions too)
Current thread:
- /usr/dt/bin/dtappgather exploit Mastoras (Feb 23)
- Re: /usr/dt/bin/dtappgather exploit J.A. Gutierrez (Feb 24)
- AOL Instant Messanger Bug Aleph One (Feb 24)
- Quake 2 Linux 3.13 (and lower) allow users to read arbitrary files kevingeo () CRUZIO COM (Feb 25)
- Re: Quake 2 Linux 3.13 (and lower) allow users to read arbitrary William T Wilson (Feb 25)
- Quake 2 Linux 3.13 - ref_root.so still works kevingeo () CRUZIO COM (Feb 25)
- <Possible follow-ups>
- Re: /usr/dt/bin/dtappgather exploit Steven Goldberg - SE - Seattle WA (Feb 25)
- Re: /usr/dt/bin/dtappgather exploit J.A. Gutierrez (Feb 25)