Bugtraq mailing list archives

Re: AIX 4.2 dtterm exploit


From: Darren.Moffat () UK Sun COM (Darren Moffat)
Date: Tue, 20 May 1997 22:34:49 +0100


Approved-By: aleph1 () UNDERGROUND ORG
Date: Tue, 20 May 1997 17:10:52 +0300
From: Georgi Guninski <guninski () HOTMAIL COM>
Subject: AIX 4.2 dtterm exploit
To: BUGTRAQ () NETSPACE ORG

There is a buffer overflow in /usr/dt/bin/dtterm and/or in libXt which
spawns a root shell.

Solution: #chmod -s /usr/dt/bin/dtterm  ; dtterm seems to continue working.

Tested on AIX 4.2 RS/6000 box.

/*----cut here---------
 AIX 4.2,(others?) dtterm exploit by Georgi Guninski

Solaris 2.x running CDE is not likely to be vulnerable since dtterm is not
setuid root.


--
Darren J Moffat


