Bugtraq mailing list archives
Re: kon2
From: Martin Schulze <joey () FINLANDIA INFODROM NORTH DE>
Date: Mon, 7 Aug 2000 00:26:37 +0200
Elias Levy wrote:
Package : kon2-0.3.8
Compromise : root
Vulnerable Systems : All Linux systems that have this package installed.
Author : E-Ligth (Hugo Oliveira Dias) - mail : bsphere () clix pt
Discussion : There is a vulnerable suid program, called FLD, that is part of the kon2-0.3.8 package. This program accepts options input from a text file, and it's possible to input arbitrary code into the stack and spawn a root shell.
This code uses zsh with the name of zh to spawn the shell. The exploit code was developed to participate in Wargames of www.hack3r.com. The target computer was the host hercules.hacker.org running Turbo Linux 6.0.4, and my distribution is Linux Mandrake 7.0. Both turned out to be vulnerable to this exploit. I think Debian also has this package, but I didn't try this exploit on it.
Yes, Debian distributes kon2 packages:
Debian GNU/Linux 2.1    0.3.7-9
Debian GNU/Linux 2.2    0.3.9b-3
The Debian maintainer for kon2 has decided not to make /usr/bin/fld setuid, so the exploit doesn't seem to work there.
I didn't know where to report the bug first, because it is the first time I have found a suid exploitable program, so I send it to you, www.securityfocus.com, so that the problem can be solved.
Thanks.
Regards,
Joey
Debian Security Team
--
Unix is user friendly ... It's just picky about its friends.