SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   cdrtools Vendors:   Schilling, J.
cdrtools DEBUG Mode Uses Unsafe Temporary Files That May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1013600
SecurityTracker URL:  http://securitytracker.com/id/1013600
CVE Reference:   CVE-2005-0866   (Links to External Site)
Date:  Mar 30 2005
Impact:   Modification of system information, Modification of user information, Root access via local system, User access via local system
Exploit Included:  Yes  
Version(s): 2.01
Description:   A temporary file vulnerability was reported in cdrtools. A local user may be able to obtain elevated privileges.

If DEBUG is enabled in the '/etc/cdrecord/rscsi' file and the default debug output file location is used ('/tmp'), then cdrecord may create unsafe temporary files. A local user can create a symbolic link (symlink) from a critical file on the system to a temporary file to be used by cdrecord. Then, when cdrecord is run by the target user, the symlinked file may be created or overwritten with the privileges of the target user.

Javier Fernandez-Sanguino Pena discovered this vulnerability.

Impact:   A local user may be able to gain the privileges of the target user running cdrtools.
Solution:   No solution was available at the time of this entry.
Vendor URL:  cdrecord.berlios.de/old/private/cdrecord.html (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC