X11Amp playlist bug

Summary
Description:When installed SUID root (as suggested in the README), X11Amp creates ~/.x11amp insecurely with root privs. Oops! There are very likely to be many more security bugs in X11Amp. The performance hit of making it suid is probably not worth the security risk (IMHO).
Author:viinikala <kala@DRAGON.CZ>
Compromise: root (local)
Vulnerable Systems:Those running a vulnerable version of X11Amp (.65 and prior) suid. Mostly Linux boxes.
Date:28 February 1998
Details


Date: Sat, 28 Feb 1998 17:32:21 +0100
From: viinikala <kala@DRAGON.CZ>
To: BUGTRAQ@NETSPACE.ORG
Subject: x11amp playlist bug

hi,


x11 audio mpeg player (x11amp) version 0.65, when installed setuid root
(as suggested by the README file), creates playlist files in ~/.x11amp
while making 'root' the owner of these plaintext files (instead of the
proper user). unfortunatelly, the program DOES follow symlinks, and
overwriting for instance /etc/shadow is therefore trivial:

mkdir ~/.x11amp
ln -s /etc/shadow ~/.x11amp/ekl

now run x11amp, get into the playlist menu, select 'ekl', mark all the
entries and hit 'delete'. no matter if the prg crashes (it might),
/etc/shadow is gone, anyway.


viinikala/rvl&grif <kala@dragon.cz>
i could wrap you up in cotton wool.

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]