Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BitchX local root

From: c0ntex <c0ntexb () gmail com>
Date: Wed, 23 Nov 2005 14:01:07 +0000
"Presented below is an exploit for BitchX, a linux IRC client. If the
BitchX binary is installed SetUID (to allow SSL access for non root
users for example), an attacker can exploit a stack overflow and gain
root privileges."

"BitchX local root"

lies, lies.


On 23/11/05, Sha0lin <Sha0 () badchecksum com> wrote:

Hi,

1) BitchX is not setuid by default, so is not dangerous bug,
2) the exploit's date is fake

you can test the vuln with this exploit:
http://www.securiteam.com/exploits/6J00B2KBFU.html

regards,

Sha0


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--

regards
c0ntex
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: