KDE 1.1/1.1.1/1.2/2.0 kscd - SHELL Environmental Variable

Related Vulnerabilities: CVE-2000-0393  
Publish Date: 16 May 2000
Author: Sebastian
                source: http://www.securityfocus.com/bid/1206/info

Some linux distributions (S.u.S.E. 6.4 reported) ship with kscd (a CD player for the KDE Desktop) sgid disk. kscd uses the contents of the 'SHELL' environment variable to execute a browser. This makes it possible to obtain a sgid 'disk' shell. Using these privileges along with code provided in the exploit, it is possible to change attributes on raw disks. This in turns allows an attacker to create a root shell, thus compromising the intergrity of the machine. 

Red Hat, Linux Mandrake, and Turbo Linux do not currently ship with kscd setgid 'disk'.

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/19915.tgz