[6604] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Minor hole in "cxhextris" on certain Linux.

daemon@ATHENA.MIT.EDU (Jess Kitchen)
Sat Apr 25 17:47:25 1998

Date: 	Sat, 25 Apr 1998 19:39:05 +0100
Reply-To: Jess Kitchen <jk@DAC.ORG>
From: Jess Kitchen <jk@DAC.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.3.95.980425142306.5474A-100000@ferret.lmh.ox.ac.uk>

On Sat, 25 Apr 1998, Chris Evans wrote:

> On my RedHat Linux systems, cxhextris has a binary called "xhextris", and
> it runs under the euid "games".
>
> A bug in this program will allow local users to subvert the user "games",
> perhaps using this to then hide their activities (or cheat in the high
> score table!! :-)

Or perhaps do something useful like replacing /usr/games/fortune therefore
gaining the ability to have other users execute whatever you like upon
login.

> Cheers
> Chris
>

Regards,

---
Jess Kitchen (jk@dac.org)
    http://www.dac.org


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[6604] in bugtraq

Re: Minor hole in "cxhextris" on certain Linux.

daemon@ATHENA.MIT.EDU (Jess Kitchen)Sat Apr 25 17:47:25 1998

daemon@ATHENA.MIT.EDU (Jess Kitchen)
Sat Apr 25 17:47:25 1998