Vulnerability Development mailing list archives
Problems with: xcdroast, gatos, xkobo, xbill, iagno, ++
From: aleph1 () SECURITYFOCUS COM (Elias Levy)
Date: Wed, 14 Jun 2000 11:58:43 -0700
The author posted this message to BUGTRAQ but failed to determine whether any of these problems are exploitable. I am forwarding it to VULN-DEV for discussion. If you find any of these programs exploitable, please forward the information to BUGTRAQ.

Message-ID: <386403378.960655689985.JavaMail.root () web313-mc mail com>
Date: Sat, 10 Jun 2000 12:48:09 -0400 (EDT)
From: teleh0r - <teleh0r () doglover com>
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Problems with: xcdroast, gatos, xkobo, xbill, iagno, ++

----------------------------------------------------------------
- A result of too much time - <teleh0r () doglover com> anno 2000 -
----------------------------------------------------------------

xcdroast Version 0.96e
========================

Comes with Mandrake 7.0, (others?) I am not sure about earlier distributions. It is installed setuid root. If the setuid bit is removed you will be told that the program cannot run without root-permissions. It segfaults constantly. The xcdroast package contains about 137 strcpy ;-).

    [teleh0r@localhost teleh0r]$ export DISPLAY=ABC
    [teleh0r@localhost teleh0r]$ xcdroast
    Segmentation fault
    [teleh0r@localhost teleh0r]$ xcdroast -display X
    Segmentation fault

Description: X-CD-Roast provides a GUI interface for commands like cdrecord and mkisofs. X-CD-Roast includes a self-explanatory X11 user interface, automatic SCSI and IDE hardware setup, support for mastering of new ISO9660 data CDs, support for production of new audio CDs, fast copying of CDs without hard disk buffering, and a logfile option.

gatos Version 0.0.5_pre
=========================

Comes with Mandrake 7.0, (others?) I am not sure about earlier distributions.

Description: GATOS (General ATI TV and Overlay Software): ATI-TV for GNU/Linux. See http://cvs.core.binghamton.edu/~insomnia/gatos/ for full information.

    [teleh0r@localhost teleh0r]$ atitv -c 31337
    Shared memory segment exists - opening as client
    Stale lock on WRITE_BUFFER
    GATOS: No ATI PCI/AGP Cards ?
    GATOS: gatos_inita(): Invalid argument
    Segmentation fault
    [teleh0r@localhost teleh0r]$

xkobo Version 1.11
====================

Comes with Mandrake 7.0, (others?) I am not sure about earlier distributions.

Description: Xkobo is an arcade video game for X11. The goal is to destroy the enemy bases. But the enemy will fire at you and send fighter spacecrafts to get you. You'll have hours and hours of fun with this game.

    [teleh0r@localhost teleh0r]$ xkobo -display
    Segmentation fault
    [teleh0r@localhost teleh0r]$

xbill Version 2.0
===================

Comes with a lot of different distributions. Great game!

    [teleh0r@localhost teleh0r]$ xbill -L `perl -e '{print "1"x"10000"}'`
    Segmentation fault
    [teleh0r@localhost teleh0r]$

Gnome iagno 1.0.51
====================

Comes with Mandrake 7.0, (others?) I am not sure about earlier distributions.

    [teleh0r@localhost teleh0r]$ ls -la /usr/bin/iagno
    -r-xr-s--x 1 root games 48316 Feb 10 2000 /usr/bin/iagno*
    [teleh0r@localhost bin]$ ./iagno --ior `perl -e '{print "x"x"10000"}'`

(Try it...)

-------------------------------------------------------------------------

Ah, two more things.

There seems to be a buffer overflow in the /usr/X11R6/lib/libX11.so.6 library.

    export DISPLAY=:000000000000000000... (a few more of those)
    <run an X-based program>

isdn-config on Redhat 6.2 (great utility, btw) stores passwords in plain text in /etc/sysconfig/provider/conf-foobar

Of course, only root can read it, but if there were to be a new root-exploit... I think it has happened in the past? Seriously, passwords should NEVER be stored in plain text - it should be known by now.

...to be paranoid is just to accept the truth...
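The crashes above are triggered by over-long or malformed display names and option values reaching privileged programs. As an added example (not code from the original post or from any of the programs it names), here is one way a setuid or setgid X client could validate DISPLAY before handing it to a library. The names parse_display, struct display_name, HOST_MAX and NUM_DIGITS_MAX, the limits chosen, and the simplified "[host]:display[.screen]" syntax are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HOST_MAX 255      /* assumed limits for this example */
#define NUM_DIGITS_MAX 5
struct display_name { char host[HOST_MAX + 1]; int display, screen; };

/* Read 1..NUM_DIGITS_MAX decimal digits at *p; -1 if none or too many. */
static int parse_num(const char **p)
{
    int n = 0, digits = 0;
    for (; isdigit((unsigned char)**p); (*p)++) {
        if (++digits > NUM_DIGITS_MAX)
            return -1;
        n = n * 10 + (**p - '0');
    }
    return digits ? n : -1;
}

/* Parse "[host]:display[.screen]"; 0 on success, -1 if missing, malformed or over-long. */
int parse_display(const char *s, struct display_name *out)
{
    const char *colon = s ? strrchr(s, ':') : NULL;
    if (colon == NULL || (size_t)(colon - s) > HOST_MAX)
        return -1;
    memcpy(out->host, s, (size_t)(colon - s));   /* length checked above */
    out->host[colon - s] = '\0';
    s = colon + 1;
    if ((out->display = parse_num(&s)) < 0)
        return -1;
    out->screen = 0;
    if (*s == '.') {
        s++;
        if ((out->screen = parse_num(&s)) < 0)
            return -1;
    }
    return *s == '\0' ? 0 : -1;   /* trailing junk is rejected */
}

int main(void)
{
    struct display_name d;
    if (parse_display(getenv("DISPLAY"), &d) != 0) {
        fputs("refusing malformed or over-long DISPLAY\n", stderr);
        return 1;
    }
    printf("host='%s' display=%d screen=%d\n", d.host, d.display, d.screen);
    return 0;
}
```

The same pattern (measure first, copy only what fits, reject the rest) applies to option values such as the -L and --ior arguments shown in the post.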