Bug 64898 (CVE-2005-0070) - VUL-0: CVE-2005-0070: synaesthesia: Unauthorised file access
Summary: VUL-0: CVE-2005-0070: synaesthesia: Unauthorised file access
Status: RESOLVED FIXED
Alias: CVE-2005-0070
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: All Linux
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Vladimir Nadvornik
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2005-0070: CVSS v2 Base Score: 7....
Keywords:
Depends on:
Blocks:
 
Reported: 2005-01-17 21:18 UTC by Thomas Biege
Modified: 2021-11-10 10:48 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
synaesthesia.diff (852 bytes, patch)
2005-01-17 21:21 UTC, Thomas Biege 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Biege 2005-01-17 21:18:48 UTC 
Hi, 
we received the following *non-public* report. 
From: Martin Schulze <joey@infodrom.org> 
To: Free Software Distribution Vendors <vendor-sec@lst.de> 
User-Agent: Mutt/1.5.6+20040907i 
Subject: [vendor-sec] CAN-2005-0070: Unauthorised file access in 
synaesthesia 
Errors-To: vendor-sec-admin@lst.de 
Date: Sat, 15 Jan 2005 11:24:02 +0100 
 
Erik Sjölund discovered that synaesthesia, a program for representing 
sounds visually, accesses a user-controlled configuration with 
elevated privileges.  Hence, it is possible to read arbitrary files. 
synaesthesia is installed setuid root in our system, so it may be 
in other distributions as well. 
 
This doesn't seem to be too problematic for /etc/passwd but think 
about /dev/<node that acts upon read>.  I'm attaching a proposed 
patch to fix this problem. 
 
Please let me know if you would like to disclose this coordinatedly. 
 
Regards, 
 
        Joey 
 
--
Comment 1 Thomas Biege 2005-01-17 21:18:48 UTC 
<!-- SBZ_reproduce  -->
-
Comment 2 Thomas Biege 2005-01-17 21:21:14 UTC 
Created attachment 27683 [details]
synaesthesia.diff
Comment 3 Vladimir Nadvornik 2005-01-17 21:40:42 UTC 
Our package already contains similar fix, see synaesthesia-2.1.dif 
 
Also, synaesthesia is in permissions.easy with 0755 on all distributions  
since 8.1. Since 9.0 the suid bit was removed from the package. 
 
The package is already dropped in stable.
Comment 4 Thomas Biege 2005-01-18 20:07:44 UTC 
Thanks.
Comment 5 Thomas Biege 2009-10-13 20:58:19 UTC 
CVE-2005-0070: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)