lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 13 Feb 2004 11:36:46 +0000
From: Adam Langley <agl@...erialviolet.org>
To: Bender <bender2@....lonestar.org>
Cc: bugtraq@...urityfocus.com
Subject: Re: XFree86 vulnerability exploit


On Wed, Feb 11, 2004 at 11:09:00AM +0000, Bender wrote:
> Below you can find a exploit for latest bug in XFree86 sofware.
> Tested on some versions of RedHat Linux (mainly 7.0).
> regards
> Bender
> 
>     execle("/usr/bin/X11/X","X",":0","-fp","/tmp",0,envp);

It's worth pointing out that this is still a problem for installations which
do not have a SUID root. (For example, the X server is started by a display
manager which is already root).

If you can send commands to the X server you can:
% xset +fp /path/to/bad/fontdir

Which has the same effect (comfirmed).

-- 
Adam Langley                                      agl@...erialviolet.org
http://www.imperialviolet.org                       (+44) (0)7906 332512
PGP: 9113   256A   CC0F   71A6   4C84   5087   CDA5   52DF   2CB6   3D60


Powered by blists - more mailing lists