Synaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files.
References
Link | Resource |
---|---|
http://secunia.com/advisories/14300 | |
http://securitytracker.com/id?1013206 | |
http://www.debian.org/security/2005/dsa-681 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/12546 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-02-16T05:00:00
Updated: 2006-01-17T10:00:00
Reserved: 2005-01-14T00:00:00
Link: CVE-2005-0070
JSON object: View
NVD Information
Status : Analyzed
Published: 2005-05-02T04:00:00.000
Modified: 2008-09-05T20:45:13.747
Link: CVE-2005-0070
JSON object: View
Redhat Information
No data.
CWE