Re: [VulnWatch] KDE 2/3 artsd 1.0.0 local root exploit
From: H D Moore (hdm@digitaloffense.net)
Date: 07/29/02
- Previous message: John Korsak: "Hoax Exploit"
- In reply to: kokane: "KDE 2/3 artsd 1.0.0 local root exploit"
From: H D Moore <hdm@digitaloffense.net>
To: "kokane" <kokane@segfault.ch>, <bugtraq@securityfocus.com>, <vulnwatch@vulnwatch.org>, <submissions@packetstormsecurity.org>
Date: Mon, 29 Jul 2002 13:43:30 -0500

The artsd binary is not setuid, it's supposed to be called by the setuid
artswrapper application (which sets a higher scheduling priority,
setuid(getuid())'s and executes the real artsd binary). I haven't bothered
to look through the shellcode for backdoors yet...
---
hdm@masada:/tools> head -n 20 bp_artsd.c && ls -la /opt/kde3/bin/artsd && cat /etc/SuSE-release
/* bp_artsd.c
 * KDE 2/3 artsd 1.0.0 local root exploit
 *
 * credits: dvorak (helped me A LOT!@#), electronicsouls.org
 *
 * greets:
 * bp members, dvorak, null, r00t, obz, rafa, nouse, module, phrack man,
 * philer, preamble, eth1cal
 * fucks to: fd0 (du schwule schlumpf)
 *
 * -kokane <kokane@segfault.ch>
 */

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>

#define BSIZE 1033
#define ESIZE 5120
#define RET 0xbffff808 /* tested on suse linux 8.0 */
-rwxr-xr-x 1 root root 126696 May 14 19:30 /opt/kde3/bin/artsd
SuSE Linux 8.0 (i386)
VERSION = 8.0

On Monday 29 July 2002 12:55, kokane wrote:
> KDE 2/3 artsd 1.0.0 local root exploit PoC.
>
> Cheers,
> -kokane
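
The wrapper sequence described in the message above (raise scheduling priority, setuid(getuid()), execute the real binary), written out as an added C example. It is not part of the original message and is not artswrapper's actual source; the function names, the nice value of -10 and the setgid step are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/resource.h>
#include <unistd.h>

/* Permanently drop to the real uid/gid of the invoking user.
 * Returns 0 only when the drop has been verified. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (setgid(rgid) != 0)      /* group first, while still privileged */
        return -1;
    if (setuid(ruid) != 0)      /* as root this also resets the saved uid */
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* A non-root caller must not be able to get uid 0 back. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Hypothetical wrapper body: one privileged step, then drop, then exec.
 * Returns -1 if the drop or the exec fails; does not return on success. */
int run_wrapped(const char *path, char *const argv[])
{
    /* Assumed priority value; a negative nice needs root, so a failure
     * here is reported but not fatal. */
    if (setpriority(PRIO_PROCESS, 0, -10) != 0)
        perror("setpriority");
    if (drop_privileges() != 0)
        return -1;              /* never exec the target while privileged */
    execv(path, argv);          /* target now runs with the caller's uid */
    perror("execv");
    return -1;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s /path/to/binary [args...]\n", argv[0]);
        return 2;
    }
    return run_wrapped(argv[1], &argv[1]) == 0 ? 0 : 1;
}
```

Because the drop happens before execv, the executed binary holds only the invoking user's privileges, which is why the permissions shown by `ls -la` on artsd matter when judging the "local root" claim.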