Bugtraq mailing list archives

DU 4.0D cdfs bug : xcd eject CDROM, even mounted.

From: koss4u () HOTMAIL COM (Alexis POLOZOV)
Date: Fri, 9 Oct 1998 09:25:21 PDT


Hello,


xcd (CD_Player for CDE users), used for playing of audio CDs "has a side
effect of making xcd's eject button always work, even when the hardware
eject switch is locked."

I would like to add :
Even when a cdfs filesystem is mounted.
Even when a file reading is in progress (cp, ls, find etc.).
Until the system is up.

The author of the program considerated this as a feature.
(See the source code is available into /usr/example/motif/xcd
directory.)

By default, you do NOT need to be root for using this command.

Exploit: eject a mounted CD-ROM with xcd, insert another CDROM and ls
-R into CDROM directory. The system will crash.

DEC is informed about this problem.

Workaround: "chmod" or "setld -d". :)

Alex

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

Current thread:

Re: Referer (was Patches for wwwboard.pl), (continued)
- - - Re: Referer (was Patches for wwwboard.pl) Kevin Littlejohn (Oct 13)
    - CERT Vendor-Initiated Bulletin VB-98.10 - sco.mscreen Aleph One (Oct 13)
    - FreeBSD Security Advisory: FreeBSD-SA-98:07.rst Aleph One (Oct 13)
    - Re: Referer (was Patches for wwwboard.pl) Adam Shostack (Oct 10)
    - Followup to FP98 and other Frontpage bugs pedward () WEBCOM COM (Oct 12)
    - pcnfsd ... ga (Oct 13)
    - Re: pcnfsd ... Mark Zielinski (Oct 14)
    - Re: Followup to FP98 and other Frontpage bugs Markus Stumpf (Oct 13)
    - The poisoned NUL byte Olaf Kirch (Oct 14)
    - Security Bulletins Digest (fwd) Piotr Strzy¿ewski (Oct 12)
  - DU 4.0D cdfs bug : xcd eject CDROM, even mounted. Alexis POLOZOV (Oct 09)