Bugtraq mailing list archives
Problem in dxterm (ULTRIX)
From: tschroed () CHEETAH WSC EDU (Trevor Schroeder)
Date: Thu, 26 Jun 1997 10:16:05 -0500
On ULTRIX 4.4 (most likely 4.5 as well), there's an enhanced xterm called dxterm. Normally it's setuid (doh!). dxterm allows users to select a file to log output to. It's a trivial matter to link this file to another file and since dxterm is running as root, it's very easy to append arbitrary data to any file on the filesystem, even if not owned by the particular user. It does not seem to follow symlinks.

____________________________________________________________
"...because this little girl needs stuff."
Trevor Schroeder tschroed () cheetah wsc edu
------------------------------------------------------------
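An added example, not part of the original post and not dxterm's code: one way a setuid program can open a user-selected log file so that a linked path cannot redirect root's writes. The helper name `open_user_log` and the default file name are hypothetical, and the sketch assumes the log file already exists and that the platform provides `seteuid` and `O_NOFOLLOW`.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open an existing, user-chosen log file for append
 * from a setuid program. Returns a descriptor, or -1 on refusal. */
int open_user_log(const char *path)
{
    uid_t ruid = getuid(), euid = geteuid();
    struct stat st;
    int fd;

    /* Open with the invoking user's identity so the kernel applies that
     * user's file permissions, not root's. */
    if (seteuid(ruid) != 0)
        return -1;
    fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW | O_NONBLOCK);
    if (seteuid(euid) != 0) {   /* could not restore: refuse to continue */
        if (fd >= 0) close(fd);
        return -1;
    }
    if (fd < 0)
        return -1;

    /* Check the object actually opened, not the name: a regular file,
     * owned by the caller, with no second name pointing at it. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != ruid || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    /* "dxterm.log" is a constructed default name for the demo. */
    int fd = open_user_log(argc > 1 ? argv[1] : "dxterm.log");
    if (fd < 0) {
        perror("log file refused");
        return EXIT_FAILURE;
    }
    close(fd);
    return EXIT_SUCCESS;
}
```

The privilege drop around `open` is the primary control; the `fstat` checks are defense in depth on the descriptor that was actually obtained.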