Date: Sat, 17 May 2003 23:01:26 +0200 From: Oliver Lehmann <oliver@FreeBSD.ORG> To: dirk@freebsd.org Cc: ports@freebsd.org Subject: cdrecord local root exploit if suid Message-ID: <20030517230126.10784d35.oliver@FreeBSD.ORG>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --Multipart_Sat__17_May_2003_23:01:26_+0200_081c5a00 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Hi, please have a look at http://marc.theaimsgroup.com/?l=bugtraq&m=105285564307225&w=2 It has no SUID bit by default on FreeBSD, but i would prefer an update to 2.01a14 just to be on the secure way. Please find a patch for updating cdrtools 2.0 to 2.01.a14 attached. Greetings, Oliver -- Oliver Lehmann @home: lehmann@ans-netz.de @office: oliver.lehmann@mgi.de @www: http://www.pofo.de/ | http://wishlist.ans-netz.de/ --Multipart_Sat__17_May_2003_23:01:26_+0200_081c5a00 Content-Type: application/octet-stream; name="cdrtools.patch" Content-Disposition: attachment; filename="cdrtools.patch" Content-Transfer-Encoding: base64 SW5kZXg6IE1ha2VmaWxlCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT0KUkNTIGZpbGU6IC9ob21lL3BjdnMvcG9ydHMvc3lz dXRpbHMvY2RydG9vbHMvTWFrZWZpbGUsdgpyZXRyaWV2aW5nIHJldmlzaW9uIDEuNDUKZGlmZiAt dSAtcjEuNDUgTWFrZWZpbGUKLS0tIE1ha2VmaWxlCTYgTWFyIDIwMDMgMTk6MjM6MTggLTAwMDAJ MS40NQorKysgTWFrZWZpbGUJMTcgTWF5IDIwMDMgMjA6NTk6MzEgLTAwMDAKQEAgLTYsMTMgKzYs MTQgQEAKICMKIAogUE9SVE5BTUU/PQljZHJ0b29scwotUE9SVFZFUlNJT04/PQkyLjAKK1BPUlRW RVJTSU9OPz0JMi4wMS5hMTQKIFBPUlRSRVZJU0lPTj89CTAKIENBVEVHT1JJRVM/PQlzeXN1dGls cyBhdWRpbwotTUFTVEVSX1NJVEVTPQlmdHA6Ly9mdHAuYmVybGlvcy5kZS9wdWIvY2RyZWNvcmQv IFwKLQkJZnRwOi8vZnRwLmNzLnR1LWJlcmxpbi5kZS9wdWIvbWlzYy9jZHJlY29yZC8gXAotCQlm dHA6Ly9mdHAuZ3dkZy5kZS9wdWIvbGludXgvbWlzYy9jZHJlY29yZC8KLURJU1ROQU1FPQljZHJ0 b29scy0yLjAKK01BU1RFUl9TSVRFUz0JZnRwOi8vZnRwLmJlcmxpb3MuZGUvcHViL2NkcmVjb3Jk L2FscGhhLyBcCisJCWZ0cDovL2Z0cC5jcy50dS1iZXJsaW4uZGUvcHViL21pc2MvY2RyZWNvcmQv YWxwaGEvIFwKKwkJZnRwOi8vZnRwLmd3ZGcuZGUvcHViL2xpbnV4L21pc2MvY2RyZWNvcmQvYWxw aGEvCitESVNUTkFNRT0JY2RydG9vbHMtMi4wMWExNAorV1JLU1JDPQkJJHtXUktESVJ9L2NkcnRv b2xzLTIuMDEKIAogTUFJTlRBSU5FUj0JZGlya0BGcmVlQlNELm9yZwogQ09NTUVOVD89CUNkcmVj b3JkLCBta2lzb2ZzIGFuZCBzZXZlcmFsIG90aGVyIHByb2dyYW1zIHRvIHJlY29yZCBDRC1SW1dd CkluZGV4OiBkaXN0aW5mbwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09ClJDUyBmaWxlOiAvaG9tZS9wY3ZzL3BvcnRzL3N5 c3V0aWxzL2NkcnRvb2xzL2Rpc3RpbmZvLHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjI2CmRpZmYg LXUgLXIxLjI2IGRpc3RpbmZvCi0tLSBkaXN0aW5mbwkxMSBKYW4gMjAwMyAyMDowOTo0OSAtMDAw MAkxLjI2CisrKyBkaXN0aW5mbwkxNyBNYXkgMjAwMyAyMDo1OTozMSAtMDAwMApAQCAtMSArMSBA QAotTUQ1IChjZHJ0b29scy0yLjAudGFyLmd6KSA9IDJlOTQwMTBkNmY3NDZjMTg3MzUyMjIzYjhl YTUwZDY0CitNRDUgKGNkcnRvb2xzLTIuMDFhMTQudGFyLmd6KSA9IGVhNGVmYjg4NTgzZjZjMmQ0 MDVkZjQ2OGE1YmJmMDg0Cg== --Multipart_Sat__17_May_2003_23:01:26_+0200_081c5a00--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030517230126.10784d35.oliver>