Bugtraq mailing list archives
Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules
From: mpettit () GEOSTAFF COM (Mark K. Pettit)
Date: Thu, 24 Dec 1998 23:08:25 -0800
*** kcmsex - i386 Solaris root exploit for /usr/openwin/bin/kcms_configure *** Tested and confirmed under Solaris 2.6 i386it is a pitty, this sploit effects even Solaris 2.7 sparc and intel edition. quite fascinating that there are still people making weak suid files and still guys hunting for them.
FYI, just tested it on a Solaris 2.5 x86 box. It compiles, runs, and smashes the stack cleanly right out of the box. No command-line parameters needed. I suppose this means that they haven't messed with kcms_configure much in the past few years, eh? Mark Pettit Sr. System Administrator GeoCities
Current thread:
- Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules plasmoid deep/thc/clb (Dec 24)
- another X-Mas present :) vh (Dec 24)
- Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Mark K. Pettit (Dec 24)
- 3Com HiPer ARC vulnerable to nestea attack Olaf Selke (Dec 25)
- Yahoo Pager - security bug w/ services 7,8 Nathan Neulinger (Dec 25)
- <Possible follow-ups>
- Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Scott D. Yelich (Dec 24)