Bugtraq mailing list archives

Re: strike#2


From: krahmer () CS UNI-POTSDAM DE (krahmer () CS UNI-POTSDAM DE)
Date: Wed, 31 May 2000 10:31:50 -0700


> U may say gid=80 (cdwriter) is useless but anyways here is the xploit
>
> respect,
> noir
>
> PS: wait for strike #3

Heh.
To get strike #2.5, just link ~/.imwheelrc to /etc/shadow and execute
imwheel-solo.
We wrote an advisory weeks ago, and the fix which is offered by Mandrake
works only for the worst thing (overflow).
imwheel is still insecure. I don't like the suid perl-script even,
coz it _might_ let any user kill any process.

regards,
Sebastian

-=[ cc -Dw=write x.c -- 172 bytes, 1 line ]=-
char s[]="char s[]=;main(){w(1,s,9);*s=34;w(1,s,1);*s=99;w(1,s,85);*s=34;w(1,s,1);w(1,s+9,76);}";main(){w(1,s,9);*s=34;w(1,s,1);*s=99;w(1,s,85);*s=34;w(1,s,1);w(1,s+9,76);}
-=[ http://www.cs.uni-potsdam.de/homepages/students/linuxer ]=-

