Bugtraq mailing list archives

Re: xterm exploit as promised...


From: csh () VIEWGRAPHICS COM (Chris Sheldon)
Date: Tue, 27 May 1997 19:54:14 -0700


To test the extent of this, compile the following program and run it
with various X suid programs as parameters. If you get a segmentation
fault or bus error, then you are potentially vulnerable.

On Solaris:

maxx:~/tmp ->./testx /usr/dt/bin/dtprintinfo
zsh: bus error  ./testx /usr/dt/bin/dtprintinfo
maxx:~/tmp ->./testx /usr/dt/bin/dtaction
zsh: bus error  ./testx /usr/dt/bin/dtaction

More Solaris:
% uname -a
SunOS unix 5.5.1 Generic_103640-08 sun4m sparc SUNW,SPARCstation-20
% ./xx /usr/local/X11R6.1/bin/xterm
Bus Error

This xterm is from the X11R6.1 package which I picked up at:
  ftp://sunsite.unc.edu/pub/solaris/sparc/X11R6.1.SPARC.Solaris.2.5.pkg.tgz
(Note: X11R6.3 has been available in package format since March 28)

For Linux/Slackware-3.1
% uname -a
Linux xwing 2.0.0 #5 Fri Feb 21 13:01:20 PST 1997 i486
% /tmp/xx /usr/X11/bin/xload
Segmentation fault
% /tmp/xx /usr/X11/bin/xlock
Segmentation fault
% /tmp/xx /usr/X11/bin/xterm
Segmentation fault

Linux Slackware distribution from ftp.cdrom.com:/pub/linux/slackware

Regards,
Chris.


