KDE 1.1/1.1.1/1.2/2.0 kscd SHELL Environmental Variable Vulnerability

ID EDB-ID:19915
Type exploitdb
Reporter Sebastian
Modified 2000-05-16T00:00:00


KDE 1.1/1.1.1/1.2/2.0 kscd SHELL Environmental Variable Vulnerability. CVE-2000-0393. Local exploit for linux platform

                                            source: http://www.securityfocus.com/bid/1206/info

Some linux distributions (S.u.S.E. 6.4 reported) ship with kscd (a CD player for the KDE Desktop) sgid disk. kscd uses the contents of the 'SHELL' environment variable to execute a browser. This makes it possible to obtain a sgid 'disk' shell. Using these privileges along with code provided in the exploit, it is possible to change attributes on raw disks. This in turns allows an attacker to create a root shell, thus compromising the intergrity of the machine. 

Red Hat, Linux Mandrake, and Turbo Linux do not currently ship with kscd setgid 'disk'.