[1548] in linux-security and linux-alert archive
[linux-security] Re: cxterm buffer overrun
daemon@ATHENA.MIT.EDU (Marcin Bohosiewicz)
Thu May 15 05:51:27 1997
Date: Thu, 15 May 1997 10:41:53 +0200 (MET DST)
From: Marcin Bohosiewicz <marcus@venus.wis.pk.edu.pl>
To: linux-security@redhat.com
In-Reply-To: <3379E89B.48A6FCEB@softcom.net>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
On Wed, 14 May 1997, Ming Zhang wrote:
> cxterm is a Chinese terminal emulator for the X Window System.
> It's installed as suid-root by default if you did a make install.
> Just like xterm, it does needs to be suid to update
> /etc/utmp...blahblah...
[exploit was here]
This bug are also in mxterm-2.0-2 (Motiff Xterm) and xterm from
XFree86-3.2-9.
I tested exploit on RedHat 4.0 with libXt from XFree86-libs-3.2-9
and it works (bash#)
Probably this bug is in function XtAppInitialize() in libXt
Temp. fix: chmod -s /Xpath/bin/*xterm
M.
-| == Marcin Bohosiewicz marcus@venus.wis.pk.edu.pl == |-
-| == tel. +048 (0-12) 37-44-99 marcus@krakow.linux.org.pl == |-
-| == Strona Domowa - http://venus.wis.pk.edu.pl/marcus/ == |-