Bugtraq mailing list archives
Re: kscd vulnerability
From: chmouel () MANDRAKESOFT COM (Chmouel Boudjnah)
Date: Thu, 25 May 2000 11:42:42 +0200
Matt Wilson <msw () REDHAT COM> writes:
Red Hat Linux does not ship kscd setuid.
Same for Linux-Mandrake : chmou@kenobi)[~]-% rpm -qpl -v /RPMS/kdemultimedia-1.1.2-11mdk.i586.rpm |grep -w bin/kscd -rwxr-xr-x root root 200048 Apr 17 15:58 /usr/bin/kscd
sorry for not sending an advisory, but i don't have much time. :) I think the exploit is well commented. regards, Sebastian mail: Permission denied. Detected symlink to /etc/ld.so.preload. Admin has been informed. [exploit_user@lucifer]$ /tmp/boomshell [root@lucifer]#
-- MandrakeSoft Inc http://www.mandrakesoft.com In travel. --Chmouel
Current thread:
- Re: kscd vulnerability Chmouel Boudjnah (May 25)