Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: xterm log file vulnerability
From: kris () HUB FREEBSD ORG (Kris Kennaway)
Date: Wed, 1 Mar 2000 01:37:18 -0800

On Tue, 29 Feb 2000, Morten Welinder wrote:


Problem: when log files are enabled, they are created in the
following way (checking in XFree86 3.3.6 source; matches Solaris
binaries) and are subject to race conditions:


XFree86 3.3.6 doesn't seem to be vulnerable by default - from
xc/programs/xterm/misc.c:

#ifdef ALLOWLOGGING

/*
 * Logging is a security hole, since it allows a setuid program to write
 * arbitrary data to an arbitrary file.  So it is disabled by default.
 */

Certainly I couldn't get xterm -l -lf foo to work for me at all.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe () alum mit edu>

  By Date           By Thread  

Current thread:
  • Re: xterm log file vulnerability Kris Kennaway (Mar 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]