[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] BitchX local root

To: Sha0lin <Sha0@xxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] BitchX local root
From: c0ntex <c0ntexb@xxxxxxxxx>
Date: Wed, 23 Nov 2005 14:01:07 +0000

"Presented below is an exploit for BitchX, a linux IRC client. If the
BitchX binary is installed SetUID (to allow SSL access for non root
users for example), an attacker can exploit a stack overflow and gain
root privileges."

"BitchX local root"

lies, lies.

On 23/11/05, Sha0lin <Sha0@xxxxxxxxxxxxxxx> wrote:
> Hi,
>
> 1) BitchX is not setuid by default, so is not dangerous bug,
> 2) the exploit's date is fake
>
> you can test the vuln with this exploit:
> http://www.securiteam.com/exploits/6J00B2KBFU.html
>
> regards,
>
> Sha0
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

--

regards
c0ntex
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- [Full-disclosure] Re: BitchX local root
  - From: Sha0lin

References:
- [Full-disclosure] BitchX local root
  - From: Sha0lin

Prev by Date: [Full-disclosure] SANS Top 20: Mac OS X?
Next by Date: Re: [Full-disclosure] SmartCards programming...
Previous by thread: [Full-disclosure] BitchX local root
Next by thread: [Full-disclosure] Re: BitchX local root
Index(es):
- Date
- Thread