[14957] in bugtraq
Re: xsoldier update for Linux Mandrake
daemon@ATHENA.MIT.EDU (Brock Tellier)
Fri May 19 17:49:38 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Message-Id: <20000518203244.9784.qmail@nwcst284.netaddress.usa.net>
Date: Thu, 18 May 2000 15:32:44 CDT
Reply-To: Brock Tellier <btellier@USA.NET>
From: Brock Tellier <btellier@USA.NET>
X-To: lwc@VAPID.DHS.ORG, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit
This -display bug seems to have resurfaced again from the exploit I wrote and
posted to bugtraq for FreeBSD 3.3's xsoldier in late 1999. More discussion,
patches, etc. can be found at
http://www.securityfocus.com/vdb/bottom.html?vid=871
-Brock
"Cashdollar, Larry" <lwc@VAPID.DHS.ORG> wrote:
> > Great little shoot 'em up game in the style of galaga. Very neat
> > graphics, but there's no sound support yet.
> >
>
> I actually wrote an exploit for this and posted it on VUL-DEV. The
> exploit would get egid 12 (games) if I had bothered to put a setregid()
> call in the shellcode. My attempts had failed. It will however get euid
> 0 from a default source installation that placed xsoldier in
> /usr/local/games as setuid root.
>
> I didnt think it was interesting enough to post on bugtraq, but since this
> came up here is a link to the exploit if anyone wants to toy with it.
>
> http://vapid.dhs.org/xsol-x.c
>
>
> -- Larry
____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1
