Multiple Linux Vendor kreatecd Vulnerability
BID:1061
Info
Multiple Linux Vendor kreatecd Vulnerability
| Bugtraq ID: | 1061 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 16 2000 12:00AM |
| Updated: | Mar 16 2000 12:00AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list on March 16, 2000 by Sebastian <[email protected]> |
| Vulnerable: |
SuSE Linux 6.3 SuSE Linux 6.2 SuSE Linux 6.1 SuSE Linux 6.0 Halloween Linux 4.0 |
| Not Vulnerable: | |
Discussion
Multiple Linux Vendor kreatecd Vulnerability
A vulnerability exists in the kreatecd program for Linux. This program is a graphical front end to the cdrecord program, and is installed setuid root. This program will blindly trust the configuration of the path to cdrecord, as specified by the user. This means that arbitrary programs can be executed as root by an attacker using kreatecd. It appears that graphical interaction is required to exploit this program.
A vulnerability exists in the kreatecd program for Linux. This program is a graphical front end to the cdrecord program, and is installed setuid root. This program will blindly trust the configuration of the path to cdrecord, as specified by the user. This means that arbitrary programs can be executed as root by an attacker using kreatecd. It appears that graphical interaction is required to exploit this program.
Exploit / POC
Multiple Linux Vendor kreatecd Vulnerability
An exploit has been made available.
An exploit has been made available.
Solution / Fix
Multiple Linux Vendor kreatecd Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Removal of the setuid bit on the kreatecd program is recommended as a solution.
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Removal of the setuid bit on the kreatecd program is recommended as a solution.