lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20040912171009.GB29569@endersgame.net>
Date: Sun, 12 Sep 2004 13:10:09 -0400
From: Sean Davis <dive@...ersgame.net>
To: newbug Tseng <newbug@...oot.org>
Cc: bugtraq@...urityfocus.com
Subject: Re: cdrecord local root exploit

On Fri, Sep 10, 2004 at 01:30:17AM -0000, newbug Tseng wrote:
> 
> 
> #!/bin/bash
> 
> echo "cdr-exp.sh -- CDRecord local exploit ( Tested on cdrecord-2.01-0.a27.2mdk + Mandrake10)"
> echo "Author    : newbug [at] chroot.org"
> echo "IRC       : irc.chroot.org #chroot"
> echo "Date      :09.09.2004"

I don't see how this is a bug in cdrecord. It's a bug in Mandrake, caused by
shipping cdrecord setuid root. You could do the same thing with CVS (set
CVS_RSH to /tmp/s) if your distribution was dumb enough to ship cvs setuid
root, I would think, yet that wouldn't be a bug in CVS.

-Sean

--
/~\ The ASCII
\ / Ribbon Campaign                   Sean Davis
 X  Against HTML                       aka dive
/ \ Email!

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ