Re: XFree86 vulnerability exploit
From: Adam Langley (agl_at_imperialviolet.org)
Date: 02/13/04
- Previous message: Mandrake Linux Security Team: "MDKSA-2004:013 - Updated mailman packages close various cross-site scripting vulnerabilities."
- In reply to: Bender: "XFree86 vulnerability exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 13 Feb 2004 11:36:46 +0000 To: Bender <bender2@sdf.lonestar.org>
On Wed, Feb 11, 2004 at 11:09:00AM +0000, Bender wrote:
> Below you can find a exploit for latest bug in XFree86 sofware.
> Tested on some versions of RedHat Linux (mainly 7.0).
> regards
> Bender
>
> execle("/usr/bin/X11/X","X",":0","-fp","/tmp",0,envp);
It's worth pointing out that this is still a problem for installations which
do not have a SUID root. (For example, the X server is started by a display
manager which is already root).
If you can send commands to the X server you can:
% xset +fp /path/to/bad/fontdir
Which has the same effect (comfirmed).
-- Adam Langley agl@imperialviolet.org http://www.imperialviolet.org (+44) (0)7906 332512 PGP: 9113 256A CC0F 71A6 4C84 5087 CDA5 52DF 2CB6 3D60
- Previous message: Mandrake Linux Security Team: "MDKSA-2004:013 - Updated mailman packages close various cross-site scripting vulnerabilities."
- In reply to: Bender: "XFree86 vulnerability exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
