Bugtraq mailing list archives

Re: Linux GNOME exploit

From: dufresne () WINTERNET COM (Ron DuFresne)
Date: Wed, 29 Sep 1999 02:34:37 -0500


Also, since slackware as well <slackware 4.0> documents:

- Large repository of contributed software compiled and ready to run. This
  includes GNOME 1.0

The GNOME troubles were cross posted to slackware-security () slackware com,
though, this looks to be a dead list since nothing has rooled backout of
it for two days....

Seems prudent that the information should make it to all the distributions
that incude GNOME and maintain a security list to pass such info on for
admins and end users to deal with as nessecary.

Thanks,

Ron DuFresne

On Mon, 27 Sep 1999, Brock Tellier wrote:

    We may be missing the point here.  This isn't necessarily a nethack
or RH 6.0 vulnerability, it is a GNOME vulnerability and nothing more.
The "redhat" and "nethack" names were purely for demonstration purposes.
If Red Hat is concerned about losing face over an vulnerability like
this, perhaps they should consult those who package Mandrake as "Red Hat
Linux 6.0 with enhancements" and ship it with /etc/redhat-release.

-Brock

----- Original Message -----
From: Matt Wilson <msw () redhat com>
To: Brock Tellier <btellier () WEBLEY COM>; <BUGTRAQ () SECURITYFOCUS COM>
Sent: Monday, September 27, 1999 4:05 PM
Subject: Re: Linux GNOME exploit

On Thu, Sep 23, 1999 at 06:36:18PM -0500, Brock Tellier wrote:

... SNIP ...


The following exploit should work against any GNOME program, though I
tried it on (the irony) /usr/games/nethack, which is SGID root by

default

on RH6.0.  An attack on any program will look something like this:

[> > > [xnec@redhack gnox]$ uname -a; cat /etc/redhat-release; id
Linux redhack 2.2.9-19mdk #1 Wed May 19 19:53:00 GMT 1999 i686

unknown

Linux Mandrake release 6.0 (Venus)

... SNIP ...

It's very important to note that this is _NOT_ Red Hat Linux 6.0.  It
is Linux Mandrake 6.0.  We do not ship nethack in Red Hat Linux.  It
is included in Powertools, where it has no setuid/gid bits.

Matt
msw () redhat com


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

Current thread:

Linux GNOME exploit Brock Tellier (Sep 23)
- Re: Linux GNOME exploit Alan Cox (Sep 27)
- Re: Linux GNOME exploit Brock Tellier (Sep 27)
  - Re: Linux GNOME exploit Matt Wilson (Sep 27)
  - Re: Linux GNOME exploit Ron DuFresne (Sep 29)
    - Re: Linux GNOME exploit Slackware Security Team (Sep 29)
    - Multiple Vendor ARCAD permission problems Brock Tellier (Sep 29)
- Re: Linux GNOME exploit Chmouel Boudjnah (Sep 27)
- <Possible follow-ups>
- Re: Linux GNOME exploit Elliot Lee (Sep 27)
  - Re: Linux GNOME exploit Adam Sampson (Sep 28)
- Re: Linux GNOME exploit Thomas Biege (Sep 28)