Support / Security / Advisories / Mandrakelinux 6.1 / MDKSA-2000:009

Package name: cdrecord
Date: 2000-06-03
Advisory ID: MDKSA-2000:009
Affected versions: 6.1 i586 , 7.0 i586 , 7.1 i586

Problem description

The linux cdrecord binary is vulnerable to a locally exploitable buffer overflow attack. When installed on a Linux-Mandrake distribution, it is by default setgid "cdburner" (which is a group, gid: 80, that is created for the application). The overflow condition is the result of no bounds checking on the 'dev=' argument passed to cdburner at execution time. This vulnerability can be exploited to execute arbitrary commands with the gid "cdburner".

Updated packages

6.1 i586

 66d5d79f81864f1bb3a84e9b9d460cd5  6.1/RPMS/cdrecord-1.8.1-4mdk.i586.rpm
f177e0268016d5f376bddf710d737316  6.1/RPMS/cdrecord-cdda2wav-1.8.1-4mdk.i586.rpm
c7ae464b496389fce5191f9a72085de5  6.1/RPMS/cdrecord-devel-1.8.1-4mdk.i586.rpm
7f3b0ad71c10f5c80e01092ff4e11306  6.1/RPMS/mkisofs-1.12.1-4mdk.i586.rpm
624aebaf07615e3f18471d3ff9af4ede  6.1/SRPMS/cdrecord-1.8.1-4mdk.src.rpm

7.0 i586

 8f4544f8307019230e74717a9b836051  7.0/RPMS/cdrecord-1.8.1-4mdk.i586.rpm
6daec92096f82bfac45a3346cbdc9cdb  7.0/RPMS/cdrecord-cdda2wav-1.8.1-4mdk.i586.rpm
7dd8e55e2f2879ed84d7b667a09bc77c  7.0/RPMS/cdrecord-devel-1.8.1-4mdk.i586.rpm
da6240b73b4238ae554dbf45616319ec  7.0/RPMS/mkisofs-1.12.1-4mdk.i586.rpm
624aebaf07615e3f18471d3ff9af4ede  7.0/SRPMS/cdrecord-1.8.1-4mdk.src.rpm

7.1 i586

 be1da959bdbc0762fc148d6a1a29d73b  7.1/RPMS/cdrecord-1.8.1-4mdk.i586.rpm
624aebaf07615e3f18471d3ff9af4ede  7.1/SRPMS/cdrecord-1.8.1-4mdk.src.rpm