[15131] in bugtraq
Re: strike#2
daemon@ATHENA.MIT.EDU (krahmer@CS.UNI-POTSDAM.DE)
Thu Jun 1 00:30:43 2000
Message-Id: <20000531173150.A366F1EEC1@lists.securityfocus.com>
Date: Wed, 31 May 2000 10:31:50 -0700
Reply-To: krahmer@CS.UNI-POTSDAM.DE
From: krahmer@CS.UNI-POTSDAM.DE
X-To: bugtraq@securityfocus.co
To: BUGTRAQ@SECURITYFOCUS.COM
>U may say gid=80 (cdwriter) is useless but anyways here is the xploit
>
>respect,
>noir
>
>PS: wait for strike #3
Heh.
To get strike #2.5, just
link ~/.imwheelrc to /etc/shadow and execute imwheel-solo.
We wrote an advisory weeks ago, and the fix which is
offered by Mandrake works only for the worst thing (overflow).
imwheel is still insecure. I don't like the suid perl-script even,
coz it _might_ let any user kill any process.
regards,
Sebastian
-=[ cc -Dw=write x.c -- 172 bytes, 1 line ]=-
char s[]="char s[]=;main(){w(1,s,9);*s=34;w(1,s,1);*s=99;w(1,s,85);*s=34;w(1,s,1);w(1,s+9,76);}";main(){w(1,s,9);*s=34;w(1,s,1);*s=99;w(1,s,85);*s=34;w(1,s,1);w(1,s+9,76);}
-=[ http://www.cs.uni-potsdam.de/homepages/students/linuxer ]=-