Detections
Analytics

Mandrake Linux Security Advisory : cdrecord (MDKSA-2005:077)

low Nessus Plugin ID 18107

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

Javier Fernandez-Sanguino Pena discovered that cdrecord created temporary files in an insecure manner if DEBUG was enabled in /etc/cdrecord/rscsi. If the default value was used (which stored the debug output file in /tmp), a symbolic link attack could be used to create or overwrite arbitrary files with the privileges of the user invoking cdrecord. Please note that by default this configuration file does not exist in Mandriva Linux so unless you create it and enable DEBUG, this does not affect you.

The updated packages have been patched to correct these issues.

Solution

Update the affected packages.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291376

Plugin Details

Severity: Low

ID: 18107

File Name: mandrake_MDKSA-2005-077.nasl

Version: 1.17

Type: local

Published: 4/21/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:cdrecord, p-cpe:/a:mandriva:linux:cdrecord-cdda2wav, p-cpe:/a:mandriva:linux:cdrecord-devel, p-cpe:/a:mandriva:linux:cdrecord-isotools, p-cpe:/a:mandriva:linux:cdrecord-vanilla, p-cpe:/a:mandriva:linux:mkisofs, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1, x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 4/20/2005

Reference Information

CVE: CVE-2005-0866

MDKSA: 2005:077