[12299] in bugtraq
Re: [Re: xmonisdn (isdn4k-utils/Linux) bug report]
daemon@ATHENA.MIT.EDU (Brock Tellier)
Wed Oct 20 17:24:43 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Message-Id: <19991020175849.16473.qmail@nwcst289.netaddress.usa.net>
Date: Wed, 20 Oct 1999 11:58:49 MDT
Reply-To: Brock Tellier <btellier@USA.NET>
From: Brock Tellier <btellier@USA.NET>
X-To: Jan-Hendrik Terstegge <sysadmin@TATOOINE.PING.DE>,
BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit
Jan-Hendrik Terstegge <sysadmin@TATOOINE.PING.DE> wrote:
On Tue, 19 Oct 1999 Ron wrote:
>> While playing with xmonisdn (included in the isdn4k-utils package),
>> I discovered a little bug. I didn't find anything regarding xmonisdn
>> in the Bugtraq archives, so here's a quick post.
>> I'm wondering if other xmonisdn users can reproduce this exploit.
>> (Tested on my workstation, which is running Red Hat Linux 6.0)
>>[... exploit ...]
>I tried the exploit on my workstations, running SuSE Linux 6.1 and 6.2 >but
it
>seems as if it was an only RedHat Linux exploit.
>This was my try to exploit myself. When I make the 'killall -8 xmonisdn' >my
>xmonisdn dies only with an Floating exception but it doesn't dump a core.
--
Good, it shouldn't. If you look at the original post, this person executed
those commands as root, which, on his system, allowed him to make the suid
xmonisdn dump core. xmonisdn won't dump core unless you are running it as
root. This isn't a security hole unless it were to dump core in a world
readable mode.
Brock Tellier
UNIX Systems Administrator
btellier@usa.net
____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1
