Open Source and information security mailing list archives
 
Message-ID: <200408160913.56792.noamr@beyondsecurity.com>
From: noamr at beyondsecurity.com (Noam Rathaus)
Subject: some small bugs.

On Monday 16 August 2004 03:36, you wrote:
> On Sun, 15 Aug 2004, Noam Rathaus wrote:
> > #ll -l /usr/bin/X11/dpsinfo
> > -rwxr-xr-x    1 root     root         6456 Jul  7 18:07
> > /usr/bin/X11/dpsinfo
> >
> > symbols found)...(no debugging symbols found)...(no debugging symbols
> > found)...
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x41414141 in ?? ()
> > (gdb) bt
> > #0  0x41414141 in ?? ()
> >
> > So Debian is also vulnerable, both these binaries come with the
> > xbase-clients package.
Hi,

I got numerous answers stating that it's not setuid, nor is it worth exploiting 
since you already have a shell...

I didn't post the message to the mailing list stating otherwise; all I wrote 
was that it is probably not a distro-related issue (by showing that Debian is 
vulnerable to these problems as well), and that in fact both these files are 
NOT setuid, allowing no gaining of elevated privileges.

That is all ... as the subject says... "some small bugs"

-- 
Thanks
Noam Rathaus
CTO
Beyond Security Ltd.

Join the SecuriTeam community on Orkut:
http://www.orkut.com/Community.aspx?cmm=44441

