[EXPL] Cdrecord RSH SUID Shell Creation

The following security advisory is sent to the securiteam mailing list, and can
be found at the SecuriTeam web site: http://www.securiteam.com

Cdrecord RSH SUID Shell Creation

SUMMARY

Max Vozeler found that the cdrecord program
(http://www.fokus.gmd.de/research/cc/glone/employees/joerg.schilling/private/cdrecord.html),
which can be installed as suid root, fails to drop euid=0 when it exec()s a
program specified by the user through the $RSH environment variable. This can be …
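
As an added example (not code from cdrecord or from the advisory), this is the usual defensive pattern for the flaw summarized above: a set-uid program permanently drops its privileges in the child before it exec()s a helper chosen by the user. The function names and the `id` fallback in main() are assumptions made for illustration.

```c
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up set-uid/set-gid privileges. Returns 0 on success, -1 on
 * failure. When the effective uid is root, setuid() resets the real, effective
 * and saved uid together; the checks below catch anything left behind. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: once the uid is dropped the gid can no longer be changed. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* Regaining the old ids must now fail, otherwise the drop was not permanent. */
    if (old_euid != ruid && setuid(old_euid) == 0)
        return -1;
    if (old_egid != rgid && setgid(old_egid) == 0)
        return -1;
    return 0;
}

/* Hypothetical launcher: runs argv[0] in a child that has dropped privileges.
 * Returns the child's exit status, or -1 on error. */
int run_helper_unprivileged(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges() != 0)
            _exit(126);              /* refuse to exec while still privileged */
        execvp(argv[0], argv);
        _exit(127);                  /* exec failed */
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    const char *rsh = getenv("RSH"); /* user-controlled, as in the advisory */
    char *argv[] = { (char *)(rsh ? rsh : "id"), NULL }; /* "id": constructed fallback */
    return run_helper_unprivileged(argv) < 0;
}
```

The drop happens in the child after fork(), so the parent keeps whatever privileges it still needs while the helper never sees euid=0.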