BugTraq
cdrecord local root exploit Sep 10 2004 01:30AM
newbug Tseng (newbug chroot org) (1 replies)
Re: cdrecord local root exploit Sep 12 2004 05:10PM
Sean Davis (dive endersgame net) (1 replies)
On Fri, Sep 10, 2004 at 01:30:17AM -0000, newbug Tseng wrote:
>
>
> #!/bin/bash
>
> echo "cdr-exp.sh -- CDRecord local exploit ( Tested on cdrecord-2.01-0.a27.2mdk + Mandrake10)"
> echo "Author : newbug [at] chroot.org"
> echo "IRC : irc.chroot.org #chroot"
> echo "Date :09.09.2004"

I don't see how this is a bug in cdrecord. It's a bug in Mandrake, caused by
shipping cdrecord setuid root. You could do the same thing with CVS (set
CVS_RSH to /tmp/s) if your distribution was dumb enough to ship cvs setuid
root, I would think, yet that wouldn't be a bug in CVS.

-Sean

--
/~\ The ASCII
\ / Ribbon Campaign Sean Davis
X Against HTML aka dive
/ \ Email!

[ reply ]
Re: cdrecord local root exploit Sep 14 2004 01:51AM
Volker Kuhlmann (list0570 paradise net nz) (2 replies)
Re: cdrecord local root exploit Sep 15 2004 03:48PM
Coleman (cokane cokane org) (1 replies)
Re: cdrecord local root exploit Sep 16 2004 05:57PM
Jason T. Miller (jasomill shaffstall com) (1 replies)
Re: cdrecord local root exploit Sep 27 2004 07:49AM
Dr Andrew C Aitchison (A C Aitchison dpmms cam ac uk) (1 replies)
Re: cdrecord local root exploit Sep 28 2004 06:22AM
Jason T. Miller (jasomill shaffstall com) (1 replies)
Re: cdrecord local root exploit Oct 01 2004 05:26PM
Greg A. Woods (woods planix com) (1 replies)
Re: cdrecord local root exploit Oct 01 2004 09:16PM
Jason T. Miller (jasomill theoneview com)
Re: cdrecord local root exploit Sep 15 2004 11:15AM
Marcus Meissner (meissner suse de)


 

Privacy Statement
Copyright 2010, SecurityFocus