Full Disclosure mailing list archives
Re: BitchX local root
From: c0ntex <c0ntexb () gmail com>
Date: Wed, 23 Nov 2005 14:01:07 +0000
"Presented below is an exploit for BitchX, a linux IRC client. If the BitchX binary is installed SetUID (to allow SSL access for non root users for example), an attacker can exploit a stack overflow and gain root privileges." "BitchX local root" lies, lies. On 23/11/05, Sha0lin <Sha0 () badchecksum com> wrote:
Hi, 1) BitchX is not setuid by default, so is not dangerous bug, 2) the exploit's date is fake you can test the vuln with this exploit: http://www.securiteam.com/exploits/6J00B2KBFU.html regards, Sha0 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- regards c0ntex _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- BitchX local root Sha0lin (Nov 23)
- Re: BitchX local root c0ntex (Nov 23)
- Re: BitchX local root Sha0lin (Nov 24)
- Re: BitchX local root c0ntex (Nov 23)