OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: v9REALHALO.ORG
Date: Thu Apr 26 2001 - 00:51:10 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    i haven't audited anything in some time. well, i
    just noticed this because i am doing a project
    with a name similar to "netprint" and i was
    wondering if it was at all related to what i was
    doing. it wasn't. but, i noticed it was setuid
    root and had a little bug.

    this bug takes advantage of the -n option witch
    has a bug that allows for arbitrary commands to be
    executed.

    exploit source code:
    http://realhalo.org/xnetprint.c

    Vade79 -> v9realhalo.org -> realhalo.org.