[12027] in bugtraq
Re: Linux GNOME exploit
daemon@ATHENA.MIT.EDU (Brock Tellier)
Tue Sep 28 14:23:33 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <062301bf0930$449ddda0$3177a8c0@webley>
Date: Mon, 27 Sep 1999 16:35:50 -0500
Reply-To: Brock Tellier <btellier@WEBLEY.COM>
From: Brock Tellier <btellier@WEBLEY.COM>
X-To: Matt Wilson <msw@redhat.com>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
We may be missing the point here. This isn't necessarily a nethack
or RH 6.0 vulnerability, it is a GNOME vulnerability and nothing more.
The "redhat" and "nethack" names were purely for demonstration purposes.
If Red Hat is concerned about losing face over a vulnerability like
this, perhaps they should consult those who package Mandrake as "Red Hat
Linux 6.0 with enhancements" and ship it with /etc/redhat-release.
-Brock
----- Original Message -----
From: Matt Wilson <msw@redhat.com>
To: Brock Tellier <btellier@WEBLEY.COM>; <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Monday, September 27, 1999 4:05 PM
Subject: Re: Linux GNOME exploit
> On Thu, Sep 23, 1999 at 06:36:18PM -0500, Brock Tellier wrote:
> >
> ... SNIP ...
> >
> > The following exploit should work against any GNOME program, though I
> > tried it on (the irony) /usr/games/nethack, which is SGID root by default
> > on RH6.0. An attack on any program will look something like this:
> >
> > [xnec@redhack gnox]$ uname -a; cat /etc/redhat-release; id
> > Linux redhack 2.2.9-19mdk #1 Wed May 19 19:53:00 GMT 1999 i686 unknown
> > Linux Mandrake release 6.0 (Venus)
> >
> ... SNIP ...
>
> It's very important to note that this is _NOT_ Red Hat Linux 6.0. It
> is Linux Mandrake 6.0. We do not ship nethack in Red Hat Linux. It
> is included in Powertools, where it has no setuid/gid bits.
>
> Matt
> msw@redhat.com
>