Bugtraq: Re: XDM bug

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: XDM bug

From: batsy () interlog com (jamie)
Date: Fri, 3 Jan 1997 14:55:21 -0500


:On Thu, 2 Jan 1997, Angel Ortiz wrote:
:[...]
:> System: UNIX Ware systems with X
:>
:> Symptom:
:> /usr/X/bin/xdm is setuid
:[...]
:> Any way, please verify xdm setuid on your systems and please let the
:> bugtraq news group know if it exists on other systems.

BSDi 2.1 is also not vulnerable. Even if it was suid, this problem can
be (briefly) alleviated by popping it in you respectice /etc/rc.* file as
opposed to starting it as a user.

-j


"The beatings will continue until morale improves."
Jamie Reid, Jr Sys-admin, batsy () interlog com x232

By Date By Thread

Current thread:

XDM bug Angel Ortiz (Jan 02)
- <Possible follow-ups>
- Re: XDM bug Steve \ (Jan 03)
  - Re: XDM bug jamie (Jan 03)
    - Re: XDM bug Alex Belits (Jan 03)
    - serious security bug in wu-ftpd v2.4 Aleph One (Jan 04)
    - Re: serious security bug in wu-ftpd v2.4 Wietse Venema (Jan 04)
    - Buffer overflow in the query cgi. Apropos of Nothing (Jan 04)
    - Re: Buffer overflow in the query cgi. Thomas H. Ptacek (Jan 04)