Vulnerability Development mailing list archives
possible gnome remote overflow
From: rrpermeh () RCONNECT COM (Ryan Permeh)
Date: Mon, 18 Oct 1999 14:48:21 -0500
ok, i was playing around with netcat, and experienced the following issue (i attempted with stock RH 6.0 gnome dist, and october release gnome dist). not certain where the problem lies, my guess is somewhere within gnome-ses, but i'm not certain, as my core debug skills are a bit weak.

to make the problem recur:

1. use nmap (remote) or lsof (local) to discern what port gnome-ses is running on. it is a port > 1024, and i've seen it range between 1350 and 2100.
2. use netcat to send data to the port in the following manner:

    nc host.example.org 1353 < /boot/vmlinuz | nc host.example.org 1353

this dumps the kernel image to the gnome-ses port (it is likely not 1353 on your box, it dynamically picks a port at startup) and it dumps the output from the gnome-ses port to another connection of the gnome-ses port. It doesn't matter what you dump, as long as it is somewhat large.

This will crash an open X session, even from remote. I do not know a lot about gnome, but i do know X sessions crashing is generally regarded as a "Bad Thing". I poked at the code a bit, but couldn't find the piece where this is likely happening.

Gnome-ses runs as the owner of the X Session, is TCP based, and hence, if this is an overflow, it seems likely that this could be exploited remotely (very very bad thing for people who use root to use X).

please check this out, and hopefully, we can get a working fix/exploit together to take to the gnome folks.

Ryan
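Step 1 of the report, done locally by the session owner, as an added example that is not part of the original post: it filters `lsof` output for `gnome-ses` listeners that are not bound to loopback, which are the ones another host can reach. The sample `lsof` lines (PIDs, user, ports) are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find gnome-ses TCP listeners reachable from other hosts.
# Reads `lsof -i TCP -P -n` style text on stdin.

# Print "port address" for each LISTEN socket whose command starts with
# "gnome-ses" (lsof truncates COMMAND to 9 characters by default) and
# whose bind address is not loopback.
exposed_gnome_listeners() {
    awk '
        $1 ~ /^gnome-ses/ && $NF == "(LISTEN)" {
            name = $(NF-1)                 # e.g. *:1353 or 127.0.0.1:1353
            n = split(name, parts, ":")
            port = parts[n]
            addr = substr(name, 1, length(name) - length(port) - 1)
            if (addr != "127.0.0.1" && addr != "[::1]" && addr != "localhost")
                print port, addr
        }
    '
}

# Constructed sample input, not captured from a real system.
sample_lsof() {
cat <<'EOF'
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
gnome-ses  812 ryan    3u  IPv4   1201      0t0  TCP *:1353 (LISTEN)
gnome-ses  812 ryan    5u  IPv4   1342      0t0  TCP 127.0.0.1:1353->127.0.0.1:1029 (ESTABLISHED)
panel      840 ryan    4u  IPv4   1410      0t0  TCP 127.0.0.1:1360 (LISTEN)
sshd       401 root    3u  IPv4    611      0t0  TCP *:22 (LISTEN)
EOF
}

# On a live system: lsof -i TCP -P -n | exposed_gnome_listeners
sample_lsof | exposed_gnome_listeners
```

A listener reported with address `*` accepts connections on every interface, which is the condition under which the crash described above can be triggered from a remote host.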