多个Linux厂商的kreatecd漏洞

漏洞信息详情

多个Linux厂商的kreatecd漏洞

• CNNVD编号：CNNVD-200003-033
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2000-0231
  
• 漏洞类型：
  
  
  配置错误
  
• 发布时间：
  
  2000-03-16
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  halloween
• 漏洞来源：
  This vulnerability…

Linux kreatecd存在漏洞，它信任用来查找cdrecord程序的user-supplied路径，本地用户可以利用这个漏洞获得根权限。

Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Removal of the setuid bit on the kreatecd program is recommended as a solution.

来源: BID
名称: 1061
链接:http://www.securityfocus.com/bid/1061

来源: BUGTRAQ
名称: 20000316 “TESO & C-Skills development advisory — kreatecd” at:
链接:http://archives.neohapsis.com/archives/bugtraq/2000-03/0162.html