Bugtraq mailing list archives

Re: TESO advisory -- wmcdplay

From: wichert () CISTRON NL (Wichert Akkerman)
Date: Tue, 14 Mar 2000 01:29:45 +0100


Previously krahmer () CS UNI-POTSDAM DE wrote:

Systems Affected
===================

    Any system which has wmcdplay installed as setuid root. Though on most
    popular system distributions wmcdplay is not installed by default, the
    optional installation of it is always setuid root, hence affected by the
    problem.


[.. snip snip ..]

      Debian/GNU Linux 2.1, wmcdplay 1.0beta1-2


Unlike what you imply here Debian does not ship wmcdplay setuid root.

Wichert.

-- 
   ________________________________________________________________
 / Generally uninteresting signature - ignore at your convenience  \
| wichert () liacs nl                    http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |


<HR NOSHADE>
<UL>
<LI>application/pgp-signature attachment: stored
</UL>

Current thread:

Re: Exploit for Mandrake 6.1 (PAM/userhelper bug), (continued)
- - - Re: Exploit for Mandrake 6.1 (PAM/userhelper bug) Jeremy Gault (Mar 21)
  - Oracle Web Listener 4.0.x Cerberus Security Team (Mar 14)
  - Re: Advisory Update: ServerIron TCP/IP predictability fixed H D Moore (Mar 14)
    - Re: Advisory Update: ServerIron TCP/IP predictability fixed Max Vision (Mar 16)
    - FreeBSD Security Advisory: FreeBSD-SA-00:07.mh [REVISED] FreeBSD Security Officer (Mar 19)
  - Bypassing IP filters in Bordermanager 3.5 Roy Sigurd Karlsbakk (Mar 15)
  - Local / Remote DoS Attack in MERCUR WebView WebMail-Client 1.0 for Windows 98/NT Vulnerability Ussr Labs (Mar 15)
  - Certificate Validation Error in Netscape Browsers... Dennis W. Mattison (Little Wolf) (Mar 15)
  - TESO & C-Skills development advisory -- kreatecd Sebastian (Mar 16)
  - Trend Micro release patch for "OfficeScan DoS & Message Replay" V ulnerabilies Richard Sheng (Mar 16)
- Re: TESO advisory -- wmcdplay Wichert Akkerman (Mar 13)