[12050] in bugtraq

Re: Linux GNOME exploit

daemon@ATHENA.MIT.EDU (Ron DuFresne)
Wed Sep 29 15:29:55 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.GSO.4.05.9909290227060.11603-100000@tundra.winternet.com>
Date:         Wed, 29 Sep 1999 02:34:37 -0500
Reply-To: Ron DuFresne <dufresne@WINTERNET.COM>
From: Ron DuFresne <dufresne@WINTERNET.COM>
X-To:         Brock Tellier <btellier@WEBLEY.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <062301bf0930$449ddda0$3177a8c0@webley>

Also, since slackware as well <slackware 4.0> documents:

- Large repository of contributed software compiled and ready to run. This
  includes GNOME 1.0

The GNOME troubles were cross posted to slackware-security@slackware.com,
though, this looks to be a dead list since nothing has rolled back out of
it for two days....

Seems prudent that the information should make it to all the distributions
that include GNOME and maintain a security list to pass such info on for
admins and end users to deal with as necessary.

Thanks,

Ron DuFresne


On Mon, 27 Sep 1999, Brock Tellier wrote:

>     We may be missing the point here.  This isn't necessarily a nethack
> or RH 6.0 vulnerability, it is a GNOME vulnerability and nothing more.
> The "redhat" and "nethack" names were purely for demonstration purposes.
> If Red Hat is concerned about losing face over a vulnerability like
> this, perhaps they should consult those who package Mandrake as "Red Hat
> Linux 6.0 with enhancements" and ship it with /etc/redhat-release.
>
> -Brock
>
> ----- Original Message -----
> From: Matt Wilson <msw@redhat.com>
> To: Brock Tellier <btellier@WEBLEY.COM>; <BUGTRAQ@SECURITYFOCUS.COM>
> Sent: Monday, September 27, 1999 4:05 PM
> Subject: Re: Linux GNOME exploit
>
>
> > On Thu, Sep 23, 1999 at 06:36:18PM -0500, Brock Tellier wrote:
> > >
> > ... SNIP ...
> > >
> > > The following exploit should work against any GNOME program, though I
> > > > tried it on (the irony) /usr/games/nethack, which is SGID root by default
> > > > on RH6.0.  An attack on any program will look something like this:
> > >
> > > [xnec@redhack gnox]$ uname -a; cat /etc/redhat-release; id
> > > > Linux redhack 2.2.9-19mdk #1 Wed May 19 19:53:00 GMT 1999 i686 unknown
> > > Linux Mandrake release 6.0 (Venus)
> > >
> > ... SNIP ...
> >
> > It's very important to note that this is _NOT_ Red Hat Linux 6.0.  It
> > is Linux Mandrake 6.0.  We do not ship nethack in Red Hat Linux.  It
> > is included in Powertools, where it has no setuid/gid bits.
> >
> > Matt
> > msw@redhat.com
> >
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
