Network Security: Detailed info on Re: cdrecord local root exploit

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

[Top] [All Lists]

Re: cdrecord local root exploit

from [Sean Davis] Network Security

[Permanent Link]

Subject:	Re: cdrecord local root exploit
Date:	Sun, 12 Sep 2004 13:10:09 -0400

On Fri, Sep 10, 2004 at 01:30:17AM -0000, newbug Tseng wrote:



#!/bin/bash

echo "cdr-exp.sh -- CDRecord local exploit ( Tested on 
cdrecord-2.01-0.a27.2mdk + Mandrake10)"
echo "Author    : newbug [at] chroot.org"
echo "IRC       : irc.chroot.org #chroot"
echo "Date      :09.09.2004"


I don't see how this is a bug in cdrecord. It's a bug in Mandrake, caused by
shipping cdrecord setuid root. You could do the same thing with CVS (set
CVS_RSH to /tmp/s) if your distribution was dumb enough to ship cvs setuid
root, I would think, yet that wouldn't be a bug in CVS.

-Sean

--
/~\ The ASCII
\ / Ribbon Campaign                   Sean Davis
 X  Against HTML                       aka dive
/ \ Email!

pgp8jZM2aBPU4.pgp
Description: PGP signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
cdrecord local root exploit, newbug Tseng Re: cdrecord local root exploit, Sean Davis <= Message not available Re: cdrecord local root exploit, Sean Davis Re: cdrecord local root exploit, Volker Kuhlmann Message not available Re: cdrecord local root exploit, Jason T. Miller Re: cdrecord local root exploit, Dr Andrew C Aitchison Re: cdrecord local root exploit, Jason T. Miller

Previous by Date:	[Full-Disclosure] The ArpSucker is b0rn! Be yourself, be the net., Alpt
Next by Date:	Directory Traversal Vulnerability in TwinFTP Server allows overwriting, Jérôme
Previous by Thread:	cdrecord local root exploit, newbug Tseng
Next by Thread:	Re: cdrecord local root exploit, Sean Davis
Indexes:	[Date] [Thread] [Top] [All Lists]