Bugtraq mailing list archives
Re: AIX 4.2 dtterm exploit
From: Darren.Moffat () UK Sun COM (Darren Moffat)
Date: Tue, 20 May 1997 22:34:49 +0100
Approved-By: aleph1 () UNDERGROUND ORG X-MSMail-Priority: Normal X-Priority: 3 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Date: Tue, 20 May 1997 17:10:52 +0300 From: Georgi Guninski <guninski () HOTMAIL COM> Subject: AIX 4.2 dtterm exploit To: BUGTRAQ () NETSPACE ORG There is a buffer overflow in /usr/dt/bin/dtterm and/or in libXt which spawns a root shell. Solution: #chmod -s /usr/dt/bin/dtterm ; dtterm seems to continue working. Tested on AIX 4.2 RS/6000 box. /*----cut here--------- AIX 4.2,(others?) dtterm exploit by Georgi Guninski
Solaris 2.x runing CDE is not likely to be vulnerable since dtterm is not setuid root. -- Darren J Moffat
Current thread:
- Re: AIX 4.2 dtterm exploit Darren Moffat (May 20)
- <Possible follow-ups>
- Re: AIX 4.2 dtterm exploit Bollinger (May 20)