Bugtraq mailing list archives
Re: strike#2
From: krahmer () CS UNI-POTSDAM DE (krahmer () CS UNI-POTSDAM DE)
Date: Wed, 31 May 2000 10:31:50 -0700
U may say gid=80 (cdwriter) is useless but anyways here is the xploit

respect,
noir

PS: wait for strike #3

Heh. To get strike #2.5, just link ~/.imwheelrc to /etc/shadow and execute imwheel-solo.

We wrote an advisory weeks ago, and the fix which is offered by Mandrake works only for the worst thing (overflow). imwheel is still insecure. I don't like the suid perl-script even, coz it _might_ let any user kill any process.

regards,
Sebastian

-=[ cc -Dw=write x.c -- 172 bytes, 1 line ]=-
char s[]="char s[]=;main(){w(1,s,9);*s=34;w(1,s,1);*s=99;w(1,s,85);*s=34;w(1,s,1);w(1,s+9,76);}";main(){w(1,s,9);*s=34;w(1,s,1);*s=99;w(1,s,85);*s=34;w(1,s,1);w(1,s+9,76);}
-=[ http://www.cs.uni-potsdam.de/homepages/students/linuxer ]=-
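
The message above describes a privileged program following a symlink placed at a per-user rc file. As an added example (not part of the original post and not imwheel's code), this sketch shows one way a privileged helper can refuse such a link; `open_user_rc`, `rc_selfcheck` and the `.examplerc` name are hypothetical, and the temporary files are constructed for the demonstration.

```c
/* Added example: open a per-user rc file from a privileged program
 * without following a symlink planted in the user's home directory. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns an fd, or -1 if the path is a symlink,
 * is not a regular file, or is not owned by `owner`. */
int open_user_rc(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;          /* fails with ELOOP if the last component is a symlink */
    /* Check the opened object itself, not the name, so it cannot be swapped. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed self-check: bit 0 = regular file accepted, bit 1 = symlink
 * refused, bit 2 = file with a different owner refused. 7 means all hold. */
int rc_selfcheck(void)
{
    char dir[] = "/tmp/rcdemoXXXXXX", real[64], lnk[64];
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(real, sizeof real, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/.examplerc", dir);
    fd = open(real, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || symlink(real, lnk) != 0) return -1;
    close(fd);
    if ((fd = open_user_rc(real, getuid())) >= 0) { result |= 1; close(fd); }
    if (open_user_rc(lnk, getuid()) < 0) result |= 2;
    if (open_user_rc(real, getuid() + 1) < 0) result |= 4;
    unlink(lnk); unlink(real); rmdir(dir);
    return result;
}
```

`O_NOFOLLOW` only guards the final path component; a privileged program that can do so should also switch to the invoking user's IDs before touching anything under the home directory.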