Re: rxvt exploit

To: debian-security@lists.debian.org
Subject: Re: rxvt exploit
From: Ethan Benson <erbenson@alaska.net>
Date: Sat, 16 Jun 2001 06:25:32 -0800
Message-id: <[🔎] 20010616062531.B25820@plato.local.lan>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 3B2B69DC.6080300@gmu.edu>; from ebaseri@gmu.edu on Sat, Jun 16, 2001 at 10:14:52AM -0400
References: <[🔎] 3B2B69DC.6080300@gmu.edu>

On Sat, Jun 16, 2001 at 10:14:52AM -0400, Ehsan (Shawn) Baseri wrote:
> Just saw this, thought you guys might be interested.  Not sure how 
> damaging the exploit is though.

you get gid=utmp, which lets you corrupt the utmp database.  overall
not that big a deal but could cause some fair ammount of problems.  

the exploit does work though, i had to tweak it a bit (which is
probably intentional).  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgphoblmuwck9.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: rxvt exploit
  - From: Peter Cordes <peter@llama.nslug.ns.ca>

References:
- rxvt exploit
  - From: "Ehsan \(Shawn\) Baseri" <ebaseri@gmu.edu>

Prev by Date: rxvt exploit
Next by Date: Re: [SECURITY] [DSA-060-1] fetchmail buffer overflow
Previous by thread: rxvt exploit
Next by thread: Re: rxvt exploit
Index(es):
- Date
- Thread