Full Disclosure mailing list archives
Re: bitchx exploit
From: Andrew Farmer <andfarm () teknovis com>
Date: Thu, 21 Apr 2005 10:24:06 -0700
On 20 Apr 2005, at 06:37, sk wrote:
 * --[ background
 *
 * BitchX contains a local exploitable Buffer Overflow condition.
 * Sometimes it is installed setUID to allow non-root users SSL
 * access for example and therefore it could be used by a malicious
 * local user, to obtain root access. This code demonstrates the
 * described vulnerability and can be used to verify the bug on
 * your system(s).
 */
I have never, ever seen BitchX installed suid, and there's no reason it would be. SSL clients work just fine without suid.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/