Re: cdrdao insecure filehandling

From: Guillaume PELAT (guillaume.pelatat_private)
Date: Tue Jan 15 2002 - 01:45:46 PST


    "Jens Steube" <jsteubeat_private> wrote in message
    news:1010876960.3c40c220caef8at_private
    > --[ Bugs ]--
    >
    > Cdrdao doesn't check for permissions when it tries to open a file
    > as its "toc-file". So it was possible to open all Files on the
    > System, but it skips the Output on its Error-Message. Maybe it is
    > possible to trick to read all these Files.
    
    I confirm it is possible to read all these files using the show-data command.
    A proof of concept script is attached.
    
    --
    Guillaume Pelat
    Security Expert
    
    INTEXXIA
    171 Av. Georges Clemenceau
    92024 NANTERRE CEDEX - FRANCE
    tel: +33 1 55 69 49 10
    fax:  +33 1 55 69 78 80
    http://www.intexxia.com
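
One defensive pattern for the missing permission check described in the quoted report, as an added example that is not part of the original message or of cdrdao's code. It assumes the program runs with elevated privileges (for instance installed setuid, which the report does not state); `open_as_invoker` is a hypothetical helper name.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open a user-supplied path read-only with the
 * invoking user's rights. Returns a file descriptor, or -1 with errno set. */
int open_as_invoker(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    struct stat st;
    int fd, err;

    /* Drop the group first: once the effective uid is unprivileged,
     * the process may no longer be allowed to change its gid. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        err = errno;
        setegid(saved_egid);
        errno = err;
        return -1;
    }

    /* The kernel now checks permissions against the real uid/gid at open
     * time. An access() call followed by open() would leave a race window. */
    fd = open(path, O_RDONLY | O_NONBLOCK);
    err = errno;

    /* Regain the saved IDs in reverse order; report failure to the caller. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0)
            close(fd);
        errno = EPERM;
        return -1;
    }
    if (fd < 0) {
        errno = err;
        return -1;
    }
    /* Accept regular files only, so devices and FIFOs are never parsed. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}
```

A caller that gets -1 should stop with a generic error rather than echo any part of the file it could not open.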
    
    
    


