Bugtraq mailing list archives
Re: [Re: xmonisdn (isdn4k-utils/Linux) bug report]
From: btellier () USA NET (Brock Tellier)
Date: Wed, 20 Oct 1999 11:58:49 MDT
Jan-Hendrik Terstegge <sysadmin () TATOOINE PING DE> wrote: On Tue, 19 Oct 1999 Ron wrote:
While playing with xmonisdn (included in the isdn4k-utils package), I discovered a little bug. I didn't find anything regarding xmonisdn in the Bugtraq archives, so here's a quick post. I'm wondering if other xmonisdn users can reproduce this exploit. (Tested on my workstation, which is running Red Hat Linux 6.0) [... exploit ...]
I tried the exploit on my workstations, running SuSE Linux 6.1 and 6.2 >but
it
seems as if it was an only RedHat Linux exploit. This was my try to exploit myself. When I make the 'killall -8 xmonisdn' >my xmonisdn dies only with an Floating exception but it doesn't dump a core.
-- Good, it shouldn't. If you look at the original post, this person executed those commands as root, which, on his system, allowed him to make the suid xmonisdn dump core. xmonisdn won't dump core unless you are running it as root. This isn't a security hole unless it were to dump core in a world readable mode. Brock Tellier UNIX Systems Administrator btellier () usa net ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1
Current thread:
- Re: [Re: xmonisdn (isdn4k-utils/Linux) bug report] Brock Tellier (Oct 20)
- <Possible follow-ups>
- Re: [Re: xmonisdn (isdn4k-utils/Linux) bug report] Antonomasia (Oct 20)