On Thu, Mar 06, 2003 at 06:26:41PM -0000, Angelo Rosiello wrote:
>
> I think you don't need other comments:
>
> /*
> **
> ** Tested on rh 7.3 using XFree86
> ** xscreensaver vulnerability
> ** AUTHORS: Angelo Rosiello (Guilecool) & deka
> ** REQUIRES: X must be run!
> ** EFFECTS: local root exploit!
> **

Oddly enough, this does NOT work on my RedHat 7.3 installation. I have the default xscreensaver RPM installed (xscreensaver-3.33-4). When I run this, xscreensaver DOES dump core, however, xscreensaver is not suid root and so will not itself give a root exploit. Perhaps there is an expected interaction with the X server (which is running as root) but this is not clear from Angelo's message.

Steven Leikeim
Department of Electrical and Computer Engineering
University of Calgary
This archive was generated by hypermail 2b30 : Fri Mar 07 2003 - 09:36:13 PST