[ Thanks to Sergio
Bruder for this announcement. ]
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE: cdrecord
SUMMARY : Buffer overflow, no effect on default installation
DATE : 2000-JUN-07
AFFECTED CONECTIVA VERSIONS : 5.0
DESCRIPTION
The cdrecord program has a buffer overflow problem in the
processing of the command-line argument “dev=”. By exploring this
vulnerability, a local user could make the program execute
arbitrary commands. Conectiva Linux doesn’t ship this binary
with the SUID or SGID bits turned on. So, the vulnerability’s
extent is greatly reduced, not having the effect of granting higher
user privileges.
SOLUTION
If the user needs to activate the SUID or SGID bits for the
cdrecord binary, then an upgrade is strongly recommended. The
updated packages are listed below.
DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES:
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/cdda2wav-1.8-2cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/cdrecord-1.8-2cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/cdrecord-devel-1.8-2cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/mkisofs-1.8-2cl.i386.rpm
SOURCE RPM PACKAGES ARE ALSO AVAILABLE:
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/cdda2wav-1.8-2cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/cdrecord-1.8-2cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/cdrecord-devel-1.8-2cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/mkisofs-1.8-2cl.src.rpm
All packages are signed with Conectiva’s PGP key. The key can be
obtained at http://www.conectiva.com.br/conectiva/contato.html
Information on how to install and/or upgrade RPM packages, and
location of mirror sites, can be found at http://www.conectiva.com.br/atualizacoes
subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br