Jan-Hendrik Terstegge <sysadminat_private> wrote: On Tue, 19 Oct 1999 Ron wrote: >> While playing with xmonisdn (included in the isdn4k-utils package), >> I discovered a little bug. I didn't find anything regarding xmonisdn >> in the Bugtraq archives, so here's a quick post. >> I'm wondering if other xmonisdn users can reproduce this exploit. >> (Tested on my workstation, which is running Red Hat Linux 6.0) >>[... exploit ...] >I tried the exploit on my workstations, running SuSE Linux 6.1 and 6.2 >but it >seems as if it was an only RedHat Linux exploit. >This was my try to exploit myself. When I make the 'killall -8 xmonisdn' >my >xmonisdn dies only with an Floating exception but it doesn't dump a core. -- Good, it shouldn't. If you look at the original post, this person executed those commands as root, which, on his system, allowed him to make the suid xmonisdn dump core. xmonisdn won't dump core unless you are running it as root. This isn't a security hole unless it were to dump core in a world readable mode. Brock Tellier UNIX Systems Administrator btellierat_private ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:08:10 PDT