Linux Users' Group of Davis
Page last updated:
2003 May 14 17:27

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] [Fwd: Cdrecord local root exploit.]

On Wed, May 14, 2003 at 01:18:29PM -0700, ME wrote:
> ---------------------------- Original Message ----------------------------
> Subject: Cdrecord local root exploit.
> From:    yjm01 <yjm01@terra.com.br>
> Date:    Tue, May 13, 2003 13:52
> To:      bugtraq <bugtraq@securityfocus.com>
> --------------------------------------------------------------------------
> Priv8security.com
> Hi, here is a local root exploit for the cdrecord format string bug.
>  Cdrecord comes suid root by default on the Mandrake distro and it can be
> executed by anybody.

Setuid cdrecord might make sense on systems *exclusively* for desktop
use; but why any distro would install it suid root by default is
beyond me. If I were running a server, I certainly want any idiot to
be able to screw with my CDRW drive...

The exploit itself doesn't disturb me so much: the only people who
should be able to use cdrecord at all should be folks with console
access anyway.
