xmcd is an x11/motif CD playing utility, in the public domain. cda, the command line interface to xmcd, executes with system administrator privileges. It is vulnerable to a symbolic link attack that may allow a local user to obtain administrator privileges.
cda, the command line interface to xmcd, executes with system administrator privileges. It creates insecure temporary files with predictable names in /tmp, a world-writable directory.
By creating symbolic links with appropriate names, a local attacker may overwrite any writable file on the system. If the attacker can control the content of the overwritten files, elevation of privileges may result.
Apply vendor patches; see the Systems Affected section below.
Remove the setuid protection from cda.
This vulnerability was first reported by Paul Starzetz
|Date First Published:||2001-11-15|
|Date Last Updated:||2001-11-15 16:22 UTC|