[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] some small bugs.

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] some small bugs.
From: Noam Rathaus <noamr@xxxxxxxxxxxxxxxxxx>
Date: Mon, 16 Aug 2004 09:13:56 +0300

On Monday 16 August 2004 03:36, you wrote:
> On Sun, 15 Aug 2004, Noam Rathaus wrote:
> > #ll -l /usr/bin/X11/dpsinfo
> > -rwxr-xr-x    1 root     root         6456 Jul  7 18:07
> > /usr/bin/X11/dpsinfo
> >
> > symbols found)...(no debugging symbols found)...(no debugging symbols
> > found)...
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x41414141 in ?? ()
> > (gdb) bt
> > #0  0x41414141 in ?? ()
> >
> > So Debian is also vulnerable, both these binaries come with the
> > xbase-clients package.
Hi,

I got numerous answers stating that its not setuid, nor is it worth exploiting 
since you already have a shell...

I didn't post the message to the mailing list stating otherwise, all I wrote 
that it is probably not a distro related issue (by showing that debian is 
vulnerable to these problems as well), and that in fact both these files are 
NOT setuid, allowing no gaining of elevated privileges.

That is all ... as the subject says... "some small bugs"

-- 
Thanks
Noam Rathaus
CTO
Beyond Security Ltd.

Join the SecuriTeam community on Orkut:
http://www.orkut.com/Community.aspx?cmm=44441

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] some small bugs.
  - From: Ted Unangst

Prev by Date: Re: [Full-Disclosure] SP2 is killing me. Help?
Next by Date: Re: [Full-Disclosure] Flaws security feature of SP2
Previous by thread: Re: [Full-Disclosure] some small bugs.
Next by thread: Re: [Full-Disclosure] some small bugs.
Index(es):
- Date
- Thread