[15141] in bugtraq
Re: Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2)
daemon@ATHENA.MIT.EDU (noir)
Thu Jun 1 19:57:18 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <39338517.A9FDEAA4@gsu.linux.org.tr>
Date: Tue, 30 May 2000 12:08:39 +0300
Reply-To: noir <noir@GSU.LINUX.ORG.TR>
From: noir <noir@GSU.LINUX.ORG.TR>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
> The person who originally reported this is only using "medium" security
> level. I asked him in private to raise the security level to 4 or 5 and
> report again, but never heard back.
>
> Under Linux-Mandrake, security level 4/5 involves a filesystem scan and
> possibly chmod, independent of individual programs in most cases.
>
> Jeff
>
> --
> Jeff Garzik | Liberty is always dangerous, but
> Building 1024 | it is the safest thing we have.
> MandrakeSoft, Inc. | -- Harry Emerson Fosdick
I did tested the exploit code on seclev. 3/4/5, it works just FINE ! gid=80 : )
