Bugtraq mailing list archives
Re: cdrecord local root exploit
From: Sean Davis <dive () endersgame net>
Date: Sun, 12 Sep 2004 13:10:09 -0400
On Fri, Sep 10, 2004 at 01:30:17AM -0000, newbug Tseng wrote:
#!/bin/bash echo "cdr-exp.sh -- CDRecord local exploit ( Tested on cdrecord-2.01-0.a27.2mdk + Mandrake10)" echo "Author : newbug [at] chroot.org" echo "IRC : irc.chroot.org #chroot" echo "Date :09.09.2004"
I don't see how this is a bug in cdrecord. It's a bug in Mandrake, caused by shipping cdrecord setuid root. You could do the same thing with CVS (set CVS_RSH to /tmp/s) if your distribution was dumb enough to ship cvs setuid root, I would think, yet that wouldn't be a bug in CVS. -Sean -- /~\ The ASCII \ / Ribbon Campaign Sean Davis X Against HTML aka dive / \ Email!
Attachment:
_bin
Description:
Current thread:
- cdrecord local root exploit newbug Tseng (Sep 10)
- Re: cdrecord local root exploit Sean Davis (Sep 13)
- Message not available
- Re: cdrecord local root exploit Sean Davis (Sep 13)
- Message not available
- Re: cdrecord local root exploit Volker Kuhlmann (Sep 14)
- Re: cdrecord local root exploit Marcus Meissner (Sep 16)
- Re: cdrecord local root exploit Coleman (Sep 16)
- Re: cdrecord local root exploit Jason T. Miller (Sep 16)
- Re: cdrecord local root exploit Dr Andrew C Aitchison (Sep 27)
- Re: cdrecord local root exploit Jason T. Miller (Sep 30)
- Re: cdrecord local root exploit Sean Davis (Sep 13)