7 lines
No EOL
708 B
Text
Executable file
7 lines
No EOL
708 B
Text
Executable file
source: http://www.securityfocus.com/bid/1206/info
|
|
|
|
Some linux distributions (S.u.S.E. 6.4 reported) ship with kscd (a CD player for the KDE Desktop) sgid disk. kscd uses the contents of the 'SHELL' environment variable to execute a browser. This makes it possible to obtain a sgid 'disk' shell. Using these privileges along with code provided in the exploit, it is possible to change attributes on raw disks. This in turns allows an attacker to create a root shell, thus compromising the intergrity of the machine.
|
|
|
|
Red Hat, Linux Mandrake, and Turbo Linux do not currently ship with kscd setgid 'disk'.
|
|
|
|
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19915.tgz |