[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Security hole in splitvt versions lower than 1.6.3

Title: Security hole in splitvt versions lower than 1.6.3
Released by:
Date: 25th January 1996
Printable version: Click here

        splitvt versions lower than 1.6.3 are known to have a

security hole allowing a user to gain ROOT access on some systems!

        If you have a version lower than 1.6.3 _please_ remove

the set-uid bit on your current version, and upgrade to the newer

version as soon as possible.

("splitvt -version" will tell you what version you are running)

The set-uid bit is only for updating the utmp database and for

changing ownership of its pseudo-terminals.  It is not necessary

for splitvt's operation.

The latest version is available via anonymous ftp from 

dandelion.ceres.ca.gov in the /pub/splitvt directory.

You can also get it from sunsite.unc.edu in /pub/Linux/Incoming

now, and will hopefully to be moved to /pub/Linux/utils/terminal.

The file is splitvt-1.6.3.tgz and it is in tarred and gzipped format.

The output of md5sum on the TAR file splitvt-1.6.3.tar is:

eec2fe2c5b4a3958261197905a9d9c81  splitvt-1.6.3.tar

What it is:

        Splitvt is a program that splits any vt100 compatible 

screen into two - an upper and lower window in which you can run

two programs at the same time.  Splitvt differs from screen in 

that while screen gives you multiple virtual screens, splitvt splits

your screen into two fully visible windows.  You can even use 

splitvt with screen to provide multiple split screens.  This can 

be very handy when running over a modem, or for developing

client-server applications.

What can I use it for?

        Well, at this time, I am aware of several ways in which

people are using splitvt.  Some people like to use it over the modem

to allow them more than one window at a time, others like to use it

in xterms because they prefer having everything on the screen at once,

and some people are using it in conjunction with the -rcfile option 

to automate system administration tasks.

        If you are using splitvt in a new and unusual way,

I'd like to hear about it! 

Direct all comments to slouken@cs.ucdavis.edu

Will it run on my system?

        Well, if you run a UNIX that has pseudo-tty support, 

chances are that splitvt will work on your system.  Splitvt has

been ported to all of the "standard" unices, and also to a few

oddball unices, such as AIX, NewsOS, MP-RAS, and NeXT.

Well, that about wraps it up.  I hope you enjoy this software,

originally conceived by Dave Ljung and created by yours truly.


        -Sam Lantinga           (slouken@cs.ucdavis.edu)

(C) 1999-2000 All rights reserved.