Full Disclosure mailing list archives

Re: some small bugs.

From: Noam Rathaus <noamr () beyondsecurity com>
Date: Mon, 16 Aug 2004 09:13:56 +0300

On Monday 16 August 2004 03:36, you wrote:

On Sun, 15 Aug 2004, Noam Rathaus wrote:

#ll -l /usr/bin/X11/dpsinfo
-rwxr-xr-x    1 root     root         6456 Jul  7 18:07
/usr/bin/X11/dpsinfo

symbols found)...(no debugging symbols found)...(no debugging symbols
found)...
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
(gdb) bt
#0  0x41414141 in ?? ()

So Debian is also vulnerable, both these binaries come with the
xbase-clients package.

Hi,

I got numerous answers stating that its not setuid, nor is it worth exploiting 
since you already have a shell...

I didn't post the message to the mailing list stating otherwise, all I wrote 
that it is probably not a distro related issue (by showing that debian is 
vulnerable to these problems as well), and that in fact both these files are 
NOT setuid, allowing no gaining of elevated privileges.

That is all ... as the subject says... "some small bugs"

-- 
Thanks
Noam Rathaus
CTO
Beyond Security Ltd.

Join the SecuriTeam community on Orkut:
http://www.orkut.com/Community.aspx?cmm=44441

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

some small bugs. Gabriele Galadini (Aug 14)
- Re: some small bugs. kf_lists (Aug 14)
  - Re: some small bugs. Gabriele Galadini (Aug 15)
- Re: some small bugs. Noam Rathaus (Aug 15)
  - Re: some small bugs. Andrew Farmer (Aug 15)
  - Re: some small bugs. Ted Unangst (Aug 15)
    - Re: some small bugs. Noam Rathaus (Aug 16)
- Re: some small bugs. Jeffrey Denton (Aug 17)
  - Re: some small bugs. Valdis . Kletnieks (Aug 17)
    - Re: some small bugs. kf_lists (Aug 17)
    - Re: some small bugs. Jeffrey Denton (Aug 17)