NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2000-06

Subject: Conectiva Linux Security Announcement - cdrecord
From: Sergio Bruder (bruderCONECTIVA.COM.BR)
Date: Wed Jun 07 2000 - 12:51:01 CDT

Next message: Peter van Dijk: "local root on linux 2.2.15"
Previous message: FreeBSD Security Advisories: "FreeBSD Security Advisory: FreeBSD-SA-00:22.apsfilter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE: cdrecord

SUMMARY : Buffer overflow, no effect on default installation
DATE : 2000-JUN-07
AFFECTED CONECTIVA VERSIONS : 5.0

DESCRIPTION
The cdrecord program has a buffer overflow problem in the processing
of the command-line argument "dev=". By exploring this vulnerability,
a local user could make the program execute arbitrary commands.
Conectiva Linux doesn't ship this binary with the SUID or SGID bits
turned on. So, the vulnerability's extent is greatly reduced, not
having the effect of granting higher user privileges.

SOLUTION
If the user needs to activate the SUID or SGID bits for the cdrecord
binary, then an upgrade is strongly recommended. The updated packages
are listed below.

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES:
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/cdda2wav-1.8-2cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/cdrecord-1.8-2cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/cdrecord-devel-1.8-2cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/mkisofs-1.8-2cl.i386.rpm

SOURCE RPM PACKAGES ARE ALSO AVAILABLE:
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/cdda2wav-1.8-2cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/cdrecord-1.8-2cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/cdrecord-devel-1.8-2cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/mkisofs-1.8-2cl.src.rpm

All packages are signed with Conectiva's PGP key. The key can be obtained at
http://www.conectiva.com.br/conectiva/contato.html

Information on how to install and/or upgrade RPM packages, and
location of mirror sites, can be found at
http://www.conectiva.com.br/atualizacoes

----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribebazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribebazar.conectiva.com.br

Next message: Peter van Dijk: "local root on linux 2.2.15"
Previous message: FreeBSD Security Advisories: "FreeBSD Security Advisory: FreeBSD-SA-00:22.apsfilter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]