Bugtraq mailing list archives

Re: Linux GNOME exploit


From: btellier () WEBLEY COM (Brock Tellier)
Date: Mon, 27 Sep 1999 16:35:50 -0500


    We may be missing the point here.  This isn't necessarily a nethack
or RH 6.0 vulnerability, it is a GNOME vulnerability and nothing more.
The "redhat" and "nethack" names were purely for demonstration purposes.
If Red Hat is concerned about losing face over a vulnerability like
this, perhaps they should consult those who package Mandrake as "Red Hat
Linux 6.0 with enhancements" and ship it with /etc/redhat-release.

-Brock

----- Original Message -----
From: Matt Wilson <msw () redhat com>
To: Brock Tellier <btellier () WEBLEY COM>; <BUGTRAQ () SECURITYFOCUS COM>
Sent: Monday, September 27, 1999 4:05 PM
Subject: Re: Linux GNOME exploit

On Thu, Sep 23, 1999 at 06:36:18PM -0500, Brock Tellier wrote:

... SNIP ...

The following exploit should work against any GNOME program, though I
tried it on (the irony) /usr/games/nethack, which is SGID root by default
on RH6.0.  An attack on any program will look something like this:

[xnec@redhack gnox]$ uname -a; cat /etc/redhat-release; id
Linux redhack 2.2.9-19mdk #1 Wed May 19 19:53:00 GMT 1999 i686 unknown
Linux Mandrake release 6.0 (Venus)

... SNIP ...

It's very important to note that this is _NOT_ Red Hat Linux 6.0.  It
is Linux Mandrake 6.0.  We do not ship nethack in Red Hat Linux.  It
is included in Powertools, where it has no setuid/gid bits.

Matt
msw () redhat com


