[33710] in bugtraq
Re: XFree86 vulnerability exploit
daemon@ATHENA.MIT.EDU (Adam Langley)
Sat Feb 14 04:52:49 2004
Date: Fri, 13 Feb 2004 11:36:46 +0000
From: Adam Langley <agl@imperialviolet.org>
To: Bender <bender2@sdf.lonestar.org>
Cc: bugtraq@securityfocus.com
Message-ID: <20040213113646.GE18973@linuxpower.org>
Mail-Followup-To: Adam Langley <agl@imperialviolet.org>,
Bender <bender2@sdf.lonestar.org>, bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040211110900.GA7611@SDF.LONESTAR.ORG>
On Wed, Feb 11, 2004 at 11:09:00AM +0000, Bender wrote:
> Below you can find a exploit for latest bug in XFree86 sofware.
> Tested on some versions of RedHat Linux (mainly 7.0).
> regards
> Bender
>
> execle("/usr/bin/X11/X","X",":0","-fp","/tmp",0,envp);
It's worth pointing out that this is still a problem for installations which
do not have a SUID root. (For example, the X server is started by a display
manager which is already root).
If you can send commands to the X server you can:
% xset +fp /path/to/bad/fontdir
Which has the same effect (comfirmed).
--
Adam Langley agl@imperialviolet.org
http://www.imperialviolet.org (+44) (0)7906 332512
PGP: 9113 256A CC0F 71A6 4C84 5087 CDA5 52DF 2CB6 3D60
