Hosting Provided By

RE: xscreensaver exploit for Redhat 7.3

From: Adam Gilmore <vuln(at)optusnet.com.au>
Date: Sat Mar 08 2003 - 03:47:24 EST

I don't think there are any vulnerabilities for the default installation of RH7.3 (as far as suid root apps go). I tested this vulnerability on xterm as well, but it seems xterm on RH7.3 drops root privileges before it overflows. And besides, xterm isn't setuid root on RH7.3 by default. So this isn't a *major* security risk for rh.

-----Original Message-----
From: Inode [mailto:inode@mediaservice.net] Sent: Saturday, 8 March 2003 6:46 AM
To: vuln-dev@securityfocus.com
Subject: Re: xscreensaver exploit for Redhat 7.3

Hi all,
exploit attached.

Comments are welcome.

Sincerely,

+-------------------------------------------------------------------+

| Agazzini Maurizio                       Tel:   +39-011-32.72.100  |


+-------------------------------------------------------------------+

Received on Sun Mar 9 02:28:06 2003

This message: [ Message body ]
Next message: Kryptik Logik: "Why SUID Binary exploit does not yield root shell?"
Previous message: Adam Gilmore: "RE: /usr/sbin/sendmail"
In reply to Inode: "Re: xscreensaver exploit for Redhat 7.3"
Next in thread: H D Moore: "Re: xscreensaver exploit for Redhat 7.3"
Reply: H D Moore: "Re: xscreensaver exploit for Redhat 7.3"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:38 EDT