
Bug 82148

Summary: Security update not applied to Synaesthesia Privilege Escalation Vulnerabilities
Product: Gentoo Security
Reporter: eromang <eromang>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: normal
CC: sound
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/10945/

Description eromang 2005-02-15 12:17:34 UTC
Some vulnerabilities have been reported in Synaesthesia, which potentially can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.

 1) Synaesthesia creates a configuration file with root privileges, which is writable by the users group. This can potentially be exploited to escalate privileges.

 2) Synaesthesia reads configuration and mixer files with root privileges. This can potentially be exploited to disclose sensitive information.

Solution:
Remove the setuid bit.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.



Expected Results:  
Privilege escalation
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-02-15 13:36:29 UTC
Apparently our synaesthesia doesn't have the setuid bit. Please reopen if you disagree.
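
One way to check an installed system for the two conditions the report describes (a setuid bit on the binary, a configuration file writable by a group), as an added example that is not part of the original bug thread or of Gentoo's tooling. The function names are hypothetical, the paths are supplied by the caller, and the built-in demo runs on constructed temporary files.

```shell
#!/bin/sh
# Added example: permission audit for the two conditions in the advisory.
# Paths are supplied by the caller (assumption); none come from the bug report.

# True when the file carries the setuid or setgid bit.
has_setid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# True when the file is writable by its group or by others.
is_loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# audit_install BINARY CONFIG
# Prints one line per check; the return status is the number of findings.
audit_install() {
    bin=$1; cfg=$2; findings=0
    if [ ! -e "$bin" ]; then
        echo "SKIP: $bin is not installed"
        return 0
    fi
    if has_setid "$bin"; then
        echo "FINDING: $bin has the setuid/setgid bit; fix with: chmod u-s,g-s $bin"
        findings=$((findings + 1))
    else
        echo "OK: $bin has no setuid/setgid bit"
    fi
    if [ -e "$cfg" ] && is_loosely_writable "$cfg"; then
        echo "FINDING: $cfg is group- or world-writable; fix with: chmod go-w $cfg"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: a temporary stand-in binary and config with the weak modes.
demo() {
    d=$(mktemp -d) || return 0
    : > "$d/synaesthesia"; : > "$d/config"
    chmod 4755 "$d/synaesthesia"; chmod 664 "$d/config"
    audit_install "$d/synaesthesia" "$d/config" || echo "findings: $?"
    rm -rf "$d"
}

# With two arguments audit real paths; otherwise run the constructed sample.
if [ "$#" -eq 2 ]; then audit_install "$1" "$2"; else demo; fi
```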