COMMAND

    X11Amp

SYSTEMS AFFECTED

    Systems running X11Amp 0.65 (at least?)

PROBLEM

    'viinikala' found the following.  The X11 audio MPEG player (x11amp)
    version 0.65, when installed setuid root (as suggested by the
    README file), creates playlist files in ~/.x11amp while making
    'root' the owner of these plaintext files (instead of the proper
    user).  Unfortunately, the program DOES follow symlinks, and
    overwriting for instance /etc/shadow is therefore trivial:

        mkdir ~/.x11amp
        ln -s /etc/shadow ~/.x11amp/ekl

    Now run x11amp, go into the playlist menu, select 'ekl', mark all
    the entries and hit 'delete'.  No matter if the program crashes (it
    might), /etc/shadow is gone anyway (or any other file you choose).
    You can also read files not owned by you.  If another user has a
    lot of mp3 files, fire up x11amp and you'll be able to play them.
    Also, start x11amp with a VERY VERY VERY LONG filename and it
    segfaults... buffer overflow?

SOLUTION

    Remove the suid bit until you install the fixed version.  The
    symlink bug is fixed.  Get it at

        http://www.x11amp.ml.org
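
    For maintainers of other setuid programs that write per-user files,
    the following is an added example (not x11amp's code or its actual
    fix) of opening such a file as the invoking user while refusing a
    symlink like 'ekl'.  The names open_user_file and demo are
    hypothetical, and the demo files are constructed in a temporary
    directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper for a setuid program: open a per-user file with the
 * invoking user's rights and refuse a symlink as the final path component.
 * Returns a file descriptor, or -1 with errno set. */
int open_user_file(const char *path, int flags)
{
    uid_t saved = geteuid();
    struct stat st;
    int fd, err;
    if (seteuid(getuid()) != 0) return -1;   /* act as the invoking user */
    fd = open(path, flags | O_NOFOLLOW | O_CLOEXEC, 0600);
    err = errno;
    if (seteuid(saved) != 0) { if (fd >= 0) close(fd); return -1; }
    if (fd < 0) { errno = err; return -1; }
    /* Validate the object actually opened, not the name it was opened by. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed demo: a regular playlist file and a symlink named "ekl".
 * Returns 1 when the file opens and the symlink is refused, -1 on setup error. */
int demo(void)
{
    char dir[] = "/tmp/x11ampXXXXXX", real[64], lnk[64];
    int fd, ok;
    if (!mkdtemp(dir)) return -1;
    snprintf(real, sizeof real, "%s/playlist", dir);
    snprintf(lnk, sizeof lnk, "%s/ekl", dir);
    fd = open_user_file(real, O_WRONLY | O_CREAT);
    ok = fd >= 0;
    if (fd >= 0) close(fd);
    if (symlink(real, lnk) != 0) return -1;
    fd = open_user_file(lnk, O_WRONLY | O_CREAT);
    ok = ok && fd < 0 && errno == ELOOP;     /* Linux reports ELOOP here */
    unlink(lnk); unlink(real); rmdir(dir);
    return ok;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

    Because the open happens with the real user's uid, the created file
    is owned by that user rather than root, and files the user cannot
    read or write stay out of reach.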