25C3-CTF
Advisory #19
From team nosec/!eof
New advisory by: cjay
Affected service(s): vdspi
Severity [lmh] : medium
===== Problem =====
vdspi is started as root via daemontools
===== Impact =====
unnecessary risk
===== Fix =====
change the last line of /etc/vdspi/run to:
cd /usr/vdspi && exec tcpserver -u1001 -g1001 -llocalhost -H 0.0.0.0 1353 /usr/vdspi/vds
1001 is the uid and gid of vdspi
Rating
[1] ok.
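
Added example, not part of the advisory or of the contest's own code: a shell check that reports whether a daemontools run script starts tcpserver with both a uid and a gid drop, as the fix above does. The function name check_run_script and the "before" sample (the advisory's line with -u/-g removed) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: heuristic audit of a daemontools run script. It matches text
# only (separate -u/-g options, -U, or a setuidgid wrapper); it is not a parser.

# Prints one of: no-tcpserver, drops-privileges, needs-review
check_run_script() {
    # Ignore comment lines and join the rest so continued lines read as one.
    body=$(grep -v '^[[:space:]]*#' "$1" | tr '\n' ' ')
    has() { printf '%s' "$body" | grep -Eq -- "$1"; }

    has '(^|[[:space:]/])tcpserver[[:space:]]' || { echo no-tcpserver; return 0; }

    # tcpserver -u UID -g GID: both are needed, -u alone keeps gid 0.
    if has '[[:space:]]-u[[:space:]]*[0-9]+' && has '[[:space:]]-g[[:space:]]*[0-9]+'; then
        echo drops-privileges
    # tcpserver -U takes uid and gid from $UID/$GID (set by envuidgid).
    elif has '[[:space:]]-U([[:space:]]|$)'; then
        echo drops-privileges
    # setuidgid ACCOUNT ... tcpserver: the whole chain already runs unprivileged.
    elif has 'setuidgid[[:space:]]+[^[:space:]]+[[:space:]].*tcpserver'; then
        echo drops-privileges
    else
        echo needs-review
    fi
}

# Constructed samples: the advisory's fixed line, and the same line with the
# -u/-g options removed (an assumption about what the original looked like).
tmp=$(mktemp -d)
printf '#!/bin/sh\ncd /usr/vdspi && exec tcpserver -llocalhost -H 0.0.0.0 1353 /usr/vdspi/vds\n' > "$tmp/before"
printf '#!/bin/sh\ncd /usr/vdspi && exec tcpserver -u1001 -g1001 -llocalhost -H 0.0.0.0 1353 /usr/vdspi/vds\n' > "$tmp/after"
for f in "$tmp/before" "$tmp/after"; do
    echo "$(basename "$f"): $(check_run_script "$f")"
done
rm -rf "$tmp"
```

A needs-review result means no uid/gid drop was recognised in the text; combined option clusters and variables in place of numeric ids are not matched and need a manual look.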