oss-sec mailing list archives
Re: CVE request: tss <= 0.8.1-3: arbitary file reading
From: Nico Golde <oss-security+ml () ngolde de>
Date: Thu, 17 Apr 2008 18:31:20 +0200
Hi, * Steve Kemp <steve () steve org uk> [2008-04-12 21:39]:
Due to a lack of permissions checking, or privilege reduction
the setuid(0) binary tss allows local users to read arbitrary files
upon the local system.
Sample "exploit" is:
skx@gold:~$ tss -a /etc/shadow
[...] Steve (the mitre one :) did you miss that? Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- CVE request: tss <= 0.8.1-3: arbitary file reading Steve Kemp (Apr 12)
- Re: CVE request: tss <= 0.8.1-3: arbitary file reading Nico Golde (Apr 17)
- Re: CVE request: tss <= 0.8.1-3: arbitary file reading Steven M. Christey (Apr 17)
- Re: CVE request: tss <= 0.8.1-3: arbitary file reading Nico Golde (Apr 17)