Date: Sat, 12 Apr 2008 20:32:36 +0100
From: Steve Kemp <steve@...ve.org.uk>
To: oss-security@...ts.openwall.com
Subject: CVE request: tss <= 0.8.1-3: arbitrary file reading

  Due to a lack of permissions checking or privilege reduction,
 the setuid(0) binary tss allows local users to read arbitrary files
 upon the local system.

  Sample "exploit" is:

              skx@...d:~$ tss -a /etc/shadow

  This opens up a console-based screen-saver displaying the animated
 contents of the shadow-file.

  Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475747

Steve
-- 
Debian GNU/Linux System Administration
http://www.debian-administration.org/
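
The privilege reduction the report says is missing, sketched as an added example (not part of the original post and not tss source code): a setuid program switches its effective IDs to the invoking user's before opening a file named on the command line. The helper name `open_as_invoker` is hypothetical.

```c
/* Added example, not tss source: open a user-named file as the invoking user. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper. Returns a read-only fd, or -1 with errno set. */
int open_as_invoker(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, err;

    /* Group first, then user: the conventional order for dropping privileges. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        err = errno;
        if (setegid(saved_egid) != 0)
            abort();
        errno = err;
        return -1;
    }

    /* The kernel now applies the invoker's permissions to the open itself,
       so there is no access()-then-open() race. */
    fd = open(path, O_RDONLY);
    err = errno;

    /* Restore in reverse order; refuse to continue in a half-switched state. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        abort();
    errno = err;
    return fd;
}

int main(int argc, char **argv)
{
    int fd;
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    fd = open_as_invoker(argv[1]);
    if (fd < 0) { fprintf(stderr, "%s: %s\n", argv[1], strerror(errno)); return 1; }
    printf("opened %s with uid %d\n", argv[1], (int)getuid());
    close(fd);
    return 0;
}
```

A program that needs root for nothing else should instead drop privileges permanently at startup with setgid() followed by setuid(), which also clears the saved IDs.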
