lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: noamr at beyondsecurity.com (Noam Rathaus)
Subject: some small bugs.

On Monday 16 August 2004 03:36, you wrote:
> On Sun, 15 Aug 2004, Noam Rathaus wrote:
> > #ll -l /usr/bin/X11/dpsinfo
> > -rwxr-xr-x    1 root     root         6456 Jul  7 18:07
> > /usr/bin/X11/dpsinfo
> >
> > symbols found)...(no debugging symbols found)...(no debugging symbols
> > found)...
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x41414141 in ?? ()
> > (gdb) bt
> > #0  0x41414141 in ?? ()
> >
> > So Debian is also vulnerable, both these binaries come with the
> > xbase-clients package.
Hi,

I got numerous answers stating that its not setuid, nor is it worth exploiting 
since you already have a shell...

I didn't post the message to the mailing list stating otherwise, all I wrote 
that it is probably not a distro related issue (by showing that debian is 
vulnerable to these problems as well), and that in fact both these files are 
NOT setuid, allowing no gaining of elevated privileges.

That is all ... as the subject says... "some small bugs"

-- 
Thanks
Noam Rathaus
CTO
Beyond Security Ltd.

Join the SecuriTeam community on Orkut:
http://www.orkut.com/Community.aspx?cmm=44441


Powered by blists - more mailing lists