i haven't audited anything in some time. well, i just noticed this because i am doing a project with a name similar to "netprint" and i was wondering if it was at all related to what i was doing. it wasn't. but, i noticed it was setuid root and had a little bug. this bug takes advantage of the -n option witch has a bug that allows for arbitrary commands to be executed. exploit source code: http://realhalo.org/xnetprint.c Vade79 -> v9at_private -> realhalo.org.
This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 09:45:43 PDT