Bugtraq mailing list archives

Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules

From: mpettit () GEOSTAFF COM (Mark K. Pettit)
Date: Thu, 24 Dec 1998 23:08:25 -0800

 ***  kcmsex - i386 Solaris root exploit for
      /usr/openwin/bin/kcms_configure
 ***  Tested and confirmed under Solaris 2.6 i386


 it is a pitty, this sploit effects even Solaris 2.7
 sparc and intel edition. quite fascinating that there
 are still people making weak suid files and still
 guys hunting for them.


FYI, just tested it on a Solaris 2.5 x86 box.

It compiles, runs, and smashes the stack cleanly right out of the box.
No command-line parameters needed.  I suppose this means that they
haven't messed with kcms_configure much in the past few years, eh?

Mark Pettit
Sr. System Administrator
GeoCities

Current thread:

Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules plasmoid deep/thc/clb (Dec 24)
- another X-Mas present :) vh (Dec 24)
- Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Mark K. Pettit (Dec 24)
- 3Com HiPer ARC vulnerable to nestea attack Olaf Selke (Dec 25)
- Yahoo Pager - security bug w/ services 7,8 Nathan Neulinger (Dec 25)
- <Possible follow-ups>
- Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Scott D. Yelich (Dec 24)