[EXPL] Cdrecord RSH SUID Shell Creation

The following security advisory is sent to the securiteam mailing list, and can
be found at the SecuriTeam web site: http://www.securiteam.com promotion

The SecuriTeam alerts list – Free, Accurate, Independent.

Get your security news from a reliable source.

Cdrecord RSH SUID Shell Creation


Max Vozeler found that the
cdrecord program, which can be installed as suid root, fails to drop euid=0
when it exec()s a program specified by the user through the $RSH environment
variable. This can be …