Bugtraq mailing list archives

Re: Security Problems in XMCD 2.1


From: felicity () kluge net (Theo Van Dinter)
Date: Tue, 26 Nov 1996 16:14:48 -0500


On Tue, 26 Nov 1996, David J. Meltzer wrote:

   I have obtained the 2.1 release of XMCD and through a cursory
examination of the code have uncovered another buffer overflow problem
that appears to be exploitable to gain root access on the system.  I have
not verified that the hole is exploitable, although it definitely exists.
As I stated before, if you remove the suid bit from xmcd, then you do not
have to worry about upgrading other than for the new features that have
been added, whether you can still function xmcd without the suid bit
varies depending on your system.

On a side tangent, I grabbed the 2.1 binary (since I don't have the motif
libraries under Linux...) and installed it.  It's not setuid by default...

On a side tangent, the standard rule of thumb is:  "If a program doesn't
really need SUID/GID, don't give it SUID/GID." ...  Doesn't fix the buffer
overrun, but it doesn't give the user root either...

--
-----------------------------------------------------------------------------
Theo Van Dinter                          www: http://www.kluge.net/~felicity/
Vice-President WPI Lens and Lights             Active Member in SocComm Films
Member of WPI ACM                              AME for the Masque B-Term Show

                    Guillotine operators get severance pay.
-----------------------------------------------------------------------------


