Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: cdrecord local root exploit

from [Volker Kuhlmann] Network Security [Permanent Link]
Subject: Re: cdrecord local root exploit
Date: Tue, 14 Sep 2004 13:51:51 +1200 
echo "cdr-exp.sh -- CDRecord local exploit ( Tested on 
cdrecord-2.01-0.a27.2mdk + Mandrake10)"



I don't see how this is a bug in cdrecord. It's a bug in Mandrake, caused by
shipping cdrecord setuid root. You could do the same thing with CVS (set
CVS_RSH to /tmp/s) if your distribution was dumb enough to ship cvs setuid
root, I would think, yet that wouldn't be a bug in CVS.


The author of cdrecord obstinately argues that cdrecord must be
installed suid root, and is explicitly recommended. Especially SuSE,
who does not install cdrecord suid root, has taken a lot of flak over
this lately (investigate special SuSE copyright in versions 2.01a36 to
40 or so). It also seems that kernel 2.6.8 has changes included which
make it impossible(?) not to run cdrecord suid root. Seems like a
downhill to me but I'm not really qualified to comment.

In any case it would be inappropriate to call it a bug "in cdrecord"
when only testing the Mdk version, esp given the amount of patching
applied by Mdk. First test a vanilla cdrecord, then other distros.

Volker

-- 
Volker Kuhlmann                 is possibly list0570 with the domain in header
http://volker.dnsalias.net/             Please do not CC list postings to me.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, David Covin
Next by Date:  RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow, Polazzo Justin
Previous by Thread:  Re: cdrecord local root exploit, Sean Davis
Next by Thread:  Re: cdrecord local root exploit, Jason T. Miller
Indexes:  [Date] [Thread] [Top] [All Lists]