search for: cddb_init

...holes in XMCD 2.0pl2 (and presumably all previous versions), a popular audio cd player for numerous unix platforms, which allow a user defined environment variable to overflow a fixed size buffer resulting in a complete compromise of system security on machines with XMCD installed suid root. The cddb_init() function reads in the environment variable XMCD_CDDBPATH, and parses out path names from it, dynamically allocating memory for each pathname as it is parsed. The cd_init() functions, which calls cddb_init(), then uses the structure with the dynamically allocated path string and copies it into a...

...s in XMCD 2.0pl2 (and presumably all previous versions), a popular audio cd player for numerous unix platforms, which allow a user defined environment variable to overflow a fixed size buffer resulting in a complete compromise of system security on machines with XMCD installed suid root. The cddb_init() function reads in the environment variable XMCD_CDDBPATH, and parses out path names from it, dynamically allocating memory for each pathname as it is parsed. The cd_init() functions, which calls cddb_init(), then uses the structure with the dynamically allocated path string and copies it into a...