Bug 64898 (CVE-2005-0070)

Summary: VUL-0: CVE-2005-0070: synaesthesia: Unauthorised file access
Product: [Novell Products] SUSE Security Incidents Reporter: Thomas Biege <thomas>
Component: IncidentsAssignee: Vladimir Nadvornik <nadvornik>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2005-0070: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: synaesthesia.diff

Description Thomas Biege 2005-01-17 21:18:48 UTC 
Hi, 
we received the following *non-public* report. 
From: Martin Schulze <joey@infodrom.org> 
To: Free Software Distribution Vendors <vendor-sec@lst.de> 
User-Agent: Mutt/1.5.6+20040907i 
Subject: [vendor-sec] CAN-2005-0070: Unauthorised file access in 
synaesthesia 
Errors-To: vendor-sec-admin@lst.de 
Date: Sat, 15 Jan 2005 11:24:02 +0100 
 
Erik Sjölund discovered that synaesthesia, a program for representing 
sounds visually, accesses a user-controlled configuration with 
elevated privileges.  Hence, it is possible to read arbitrary files. 
synaesthesia is installed setuid root in our system, so it may be 
in other distributions as well. 
 
This doesn't seem to be too problematic for /etc/passwd but think 
about /dev/<node that acts upon read>.  I'm attaching a proposed 
patch to fix this problem. 
 
Please let me know if you would like to disclose this coordinatedly. 
 
Regards, 
 
        Joey 
 
--
Comment 1 Thomas Biege 2005-01-17 21:18:48 UTC 
<!-- SBZ_reproduce  -->
-
Comment 2 Thomas Biege 2005-01-17 21:21:14 UTC 
Created attachment 27683 [details]
synaesthesia.diff
Comment 3 Vladimir Nadvornik 2005-01-17 21:40:42 UTC 
Our package already contains similar fix, see synaesthesia-2.1.dif 
 
Also, synaesthesia is in permissions.easy with 0755 on all distributions  
since 8.1. Since 9.0 the suid bit was removed from the package. 
 
The package is already dropped in stable.
Comment 4 Thomas Biege 2005-01-18 20:07:44 UTC 
Thanks.
Comment 5 Thomas Biege 2009-10-13 20:58:19 UTC 
CVE-2005-0070: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)