Bugtraq: Re: Overflow in xlock

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Overflow in xlock

From: morgan () PARC POWER NET (Andrew G. Morgan)
Date: Sun, 27 Apr 1997 13:13:08 -0700


George Staikos wrote:

There appears to be an exploitable buffer overflow in xlock, the X based
screensaver/locker.  Xlock is installed suid root on machines with
shadowed passwords.  I have verified this on xlock versions on AIX 4.x and
Linux (exploit for Linux posted below), but I cannot determine what


This is not a security problem with the xlock shipped with Red Hat linux.
Their PAM-enabled version is not setuid.  In principle, xlock can also
verify a user's shadowed password in this "unprivileged" state, using the
pam_pwdb module.

Cheers

Andrew
--
               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
                  http://parc.power.net/morgan/index.html
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]

By Date By Thread

Current thread:

Re: CPSN 4-970424: Possible buffer overflow in pop3d, (continued)
- Overflow in xlock George Staikos (Apr 26)
  - Re: Overflow in xlock David Hedley (Apr 27)
  - Re: Overflow in xlock Bollinger (Apr 27)
  - Re: Overflow in xlock Andrew G. Morgan (Apr 27)
- Thoughts about DNS... Thomas H. Ptacek (Apr 26)
  - Re: Thoughts about DNS... Illuminati Primus (Apr 26)
    - Re: Thoughts about DNS... Thomas H. Ptacek (Apr 26)
    - Re: Thoughts about DNS... Illuminati Primus (Apr 26)
    - Re: Thoughts about DNS... Thomas H. Ptacek (Apr 27)