[4356] in bugtraq

Re: Overflow in xlock

daemon@ATHENA.MIT.EDU (Andrew G. Morgan)
Mon Apr 28 03:17:15 1997

Date: 	Sun, 27 Apr 1997 13:13:08 -0700
Reply-To: "Andrew G. Morgan" <morgan@PARC.POWER.NET>
From: "Andrew G. Morgan" <morgan@PARC.POWER.NET>
X-To:         staikos@0WNED.ORG
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.3.91.970426160718.1940A-100000@warrior.0wned.org> from
              "George Staikos" at Apr 26, 97 04:16:05 pm

George Staikos wrote:
> There appears to be an exploitable buffer overflow in xlock, the X-based
> screensaver/locker.  Xlock is installed suid root on machines with
> shadowed passwords.  I have verified this on xlock versions on AIX 4.x and
> Linux (exploit for Linux posted below), but I cannot determine what

This is not a security problem with the xlock shipped with Red Hat Linux.
Their PAM-enabled version is not setuid.  In principle, xlock can also
verify a user's shadowed password in this "unprivileged" state, using the
pam_pwdb module.

Cheers

Andrew
--
               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
                  http://parc.power.net/morgan/index.html
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]
