From owner-freebsd-ports@FreeBSD.ORG Sat May 17 14:01:32 2003
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0847C37B401
	for ; Sat, 17 May 2003 14:01:32 -0700 (PDT)
Received: from avocado.salatschuessel.net (avocado.salatschuessel.net [80.86.187.41])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A1A9E43FA3
	for ; Sat, 17 May 2003 14:01:30 -0700 (PDT)
	(envelope-from oliver@FreeBSD.ORG)
Received: (qmail 51472 invoked from network); 17 May 2003 21:01:20 -0000
Received: from unknown (HELO kartoffel.salatschuessel.net) (217.82.12.245)
	by avocado.salatschuessel.net with DES-CBC3-SHA encrypted SMTP; 17 May 2003 21:01:20 -0000
Date: Sat, 17 May 2003 23:01:26 +0200
From: Oliver Lehmann
To: dirk@freebsd.org
Message-Id: <20030517230126.10784d35.oliver@FreeBSD.ORG>
X-Mailer: Sylpheed version 0.9.0 (GTK+ 1.2.10; i386-portbld-freebsd4.8)
Mime-Version: 1.0
Content-Type: multipart/mixed;
	boundary="Multipart_Sat__17_May_2003_23:01:26_+0200_081c5a00"
cc: ports@freebsd.org
Subject: cdrecord local root exploit if suid
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Porting software to FreeBSD
X-List-Received-Date: Sat, 17 May 2003 21:01:32 -0000

This is a multi-part message in MIME format.

--Multipart_Sat__17_May_2003_23:01:26_+0200_081c5a00
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Hi,

please have a look at
http://marc.theaimsgroup.com/?l=bugtraq&m=105285564307225&w=2

It has no SUID bit by default on FreeBSD, but I would prefer an update to
2.01a14 just to be on the secure way. Please find a patch for updating
cdrtools 2.0 to 2.01.a14 attached.

Greetings, Oliver

-- 
 Oliver Lehmann
  @home: lehmann@ans-netz.de
  @office: oliver.lehmann@mgi.de
  @www: http://www.pofo.de/ | http://wishlist.ans-netz.de/

--Multipart_Sat__17_May_2003_23:01:26_+0200_081c5a00
Content-Type: application/octet-stream; name="cdrtools.patch"
Content-Disposition: attachment; filename="cdrtools.patch"
Content-Transfer-Encoding: base64

--Multipart_Sat__17_May_2003_23:01:26_+0200_081c5a00--