When installed SUID root (as suggested in the README), X11Amp creates ~/.x11amp insecurely with root privs. Oops! There are very likely to be many more security bugs in X11Amp. The performance hit of making it suid is probably not worth the security risk (IMHO).
Those running a vulnerable version of X11Amp (.65 and prior) suid. Mostly Linux boxes.
28 February 1998
Date: Sat, 28 Feb 1998 17:32:21 +0100
From: viinikala <kala@DRAGON.CZ>
Subject: x11amp playlist bug
x11 audio mpeg player (x11amp) version 0.65, when installed setuid root
(as suggested by the README file), creates playlist files in ~/.x11amp
while making 'root' the owner of these plaintext files (instead of the
proper user). unfortunatelly, the program DOES follow symlinks, and
overwriting for instance /etc/shadow is therefore trivial:
ln -s /etc/shadow ~/.x11amp/ekl
now run x11amp, get into the playlist menu, select 'ekl', mark all the
entries and hit 'delete'. no matter if the prg crashes (it might),
/etc/shadow is gone, anyway.
i could wrap you up in cotton wool.
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces: