Vulnerability Development mailing list archives

RE: xscreensaver exploit for Redhat 7.3

From: "Adam Gilmore" <vuln () optusnet com au>
Date: Sat, 8 Mar 2003 18:47:24 +1000

I don't think there are any vulnerabilities for the default installation
of RH7.3 (as far as suid root apps go). I tested this vulnerability on
xterm as well, but it seems xterm on RH7.3 drops root privileges before
it overflows. And besides, xterm isn't setuid root on RH7.3 by default.
So this isn't a *major* security risk for rh.

-----Original Message-----
From: Inode [mailto:inode () mediaservice net] 
Sent: Saturday, 8 March 2003 6:46 AM
To: vuln-dev () securityfocus com
Subject: Re: xscreensaver exploit for Redhat 7.3

Hi all,
exploit attached.

Comments are welcome.

Sincerely,

+-------------------------------------------------------------------+
| Agazzini Maurizio                       Tel:   +39-011-32.72.100  |
| Security Analyst                        Fax:   +39-011-32.46.497  |
| @ Mediaservice.net S.R.L.          D.S.D. Data Security Division  |
|                                                                   |
| PGP Key   : http://www.wayreth.eu.org/Inode.asc                   |
| Disclaimer: http://@Mediaservice.net/disclaimer                   |
+-------------------------------------------------------------------+

Current thread:

Re: xscreensaver exploit for Redhat 7.3 Inode (Mar 07)
- RE: xscreensaver exploit for Redhat 7.3 Adam Gilmore (Mar 08)
  - Re: xscreensaver exploit for Redhat 7.3 H D Moore (Mar 10)
    - RE: xscreensaver exploit for Redhat 7.3 Adam Gilmore (Mar 10)