[4601] in bugtraq
Re: xterm exploit as promised...
daemon@ATHENA.MIT.EDU (Chris Sheldon)
Wed May 28 01:11:28 1997
Date: Tue, 27 May 1997 19:54:14 -0700
Reply-To: Chris Sheldon <csh@VIEWGRAPHICS.COM>
From: Chris Sheldon <csh@VIEWGRAPHICS.COM>
To: BUGTRAQ@NETSPACE.ORG

> To test the extent of this, compile the following program and run it
> with various X suid programs as parameters. If you get a segmentation
> fault or bus error, then you are potentially vulnerable.
>
> On solaris:
>
> maxx:~/tmp ->./testx /usr/dt/bin/dtprintinfo
> zsh: bus error ./testx /usr/dt/bin/dtprintinfo
> maxx:~/tmp ->./testx /usr/dt/bin/dtaction
> zsh: bus error ./testx /usr/dt/bin/dtaction

More Solaris:
% uname -a
SunOS unix 5.5.1 Generic_103640-08 sun4m sparc SUNW,SPARCstation-20
% ./xx /usr/local/X11R6.1/bin/xterm
Bus Error

This xterm is from the X11R6.1 package which I picked up at:
ftp://sunsite.unc.edu/pub/solaris/sparc/X11R6.1.SPARC.Solaris.2.5.pkg.tgz
(Note: X11R6.3 has been available in package format since March 28)

For Linux/Slackware-3.1:
% uname -a
Linux xwing 2.0.0 #5 Fri Feb 21 13:01:20 PST 1997 i486
% /tmp/xx /usr/X11/bin/xload
Segmentation fault
% /tmp/xx /usr/X11/bin/xlock
Segmentation fault
% /tmp/xx /usr/X11/bin/xterm
Segmentation fault

Linux Slackware distribution from ftp.cdrom.com:/pub/linux/slackware

Regards,
Chris.