From owner-freebsd-security  Sun Aug 25 19:08:35 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id TAA09380
          for security-outgoing; Sun, 25 Aug 1996 19:08:35 -0700 (PDT)
Received: from irbs.irbs.com (irbs.com [199.182.75.129])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id TAA09374
          for <security@freebsd.org>; Sun, 25 Aug 1996 19:08:30 -0700 (PDT)
Received: (from jc@localhost) by irbs.irbs.com (8.7.5/8.6.6) id WAA11517; Sun, 25 Aug 1996 22:07:50 -0400 (EDT)
From: John Capo <jc@irbs.com>
Message-Id: <199608260207.WAA11517@irbs.irbs.com>
Subject: Re: Vulnerability in the Xt library (fwd)
In-Reply-To: <96Aug26.010928+0100mesz.398680-222+4828@hphalle0.informatik.tu-muenchen.de> from Stefan `Sec` Zehl at "Aug 26, 96 01:09:11 am"
To: zehl@informatik.tu-muenchen.de (Stefan `Sec` Zehl)
Date: Sun, 25 Aug 1996 22:07:49 -0400 (EDT)
Cc: security@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL25 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Stefan `Sec` Zehl writes:
> I can confirm this for Freebsd 2.2-Current, it gives me a euid=0 /bin/sh
> 

I can also.  The xterm cores on -stable though.

 irbs /kernel: pid 11509 (xterm), uid 0: exited on signal 10

John Capo                                                   jc@irbs.com
IRBS Engineering                       FreeBSD Servers and Workstations
(954) 792-9551                 Unix/Internet Consulting - ISP Solutions