Re: cdrdao insecure filehandling

"Jens Steube" <jsteube@lastflood.com> wrote in message
news:1010876960.3c40c220caef8@troja.dnsalias.org...
> --[ Bugs ]--
>
> Cdrdao doesn't check for permissions when it tries to open a file
> as its "toc-file". So it was possible to open all Files on the
> System, but it skips the Output on its Error-Message. Maybe it is
> possible to trick to read all these Files.

I confirm it is possible to read all these files using the show-data command.
A proof of concept script is attached.

--
Guillaume Pelat
Security Expert

INTEXXIA
171 Av. Georges Clemenceau
92024 NANTERRE CEDEX - FRANCE
tel: +33 1 55 69 49 10
fax:  +33 1 55 69 78 80
http://www.intexxia.com

Attachment: show_file.sh
Description: Binary data
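
Added example, not part of the original posts and not cdrdao's code: one way a privileged program can open a user-named file such as the toc-file so that the kernel checks the invoking user's permissions. It assumes the program runs with elevated (set-uid or set-gid) privileges, which the thread implies but does not state; `open_as_invoking_user` is a hypothetical name.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not cdrdao code. Opens a user-supplied path with the
 * invoking user's credentials so the kernel enforces that user's permissions
 * at open() time. An access() check followed by open() would be racy. */
int open_as_invoking_user(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    struct stat st;
    int fd, err;

    /* Drop the group first: after the euid is lowered, setegid() may fail. */
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0) {
        err = errno;
        if (setegid(saved_egid) != 0) abort();
        errno = err;
        return -1;
    }
    /* O_NONBLOCK: do not hang on a FIFO or device named as the file. */
    fd = open(path, O_RDONLY | O_NOCTTY | O_NONBLOCK | O_CLOEXEC);
    err = errno;
    /* Regain privileges in reverse order; never continue half-restored. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        abort();
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))) {
        close(fd);          /* only regular files are accepted */
        fd = -1;
        err = EINVAL;
    }
    if (fd < 0)
        errno = err;
    return fd;
}

int main(int argc, char **argv)
{
    int fd = argc == 2 ? open_as_invoking_user(argv[1]) : -1;
    if (fd < 0) { perror("open_as_invoking_user"); return 1; }
    puts("opened with the invoking user's permissions");
    return close(fd);
}
```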