Nom du paquet
cdrecord
Date
2005-04-20
Advisory ID
MDKSA-2005:077
Affected versions
10.2 x86_64 , CS2.1 x86_64 , 10.0 amd64 , 10.2 i586 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

Javier Fernandez-Sanguino Pena discovered that cdrecord created temporary files in an insecure manner if DEBUG was enabled in /etc/cdrecord/rscsi. If the default value was used (which stored the debug output file in /tmp), a symbolic link attack could be used to create or overwrite arbitrary files with the privileges of the user invoking cdrecord. Please note that by default this configuration file does not exist in Mandriva Linux so unless you create it and enable DEBUG, this does not affect you. The updated packages have been patched to correct these issues.

Updated packages

10.2 x86_64

 15a112f392f250ea82a2bc54bb74f32f  x86_64/10.2/RPMS/cdrecord-2.01.01-0.a01.6.1.102mdk.x86_64.rpm
7c872b9867899f5b7f4c30c37ca1c4e0  x86_64/10.2/RPMS/cdrecord-cdda2wav-2.01.01-0.a01.6.1.102mdk.x86_64.rpm
06ebe0c9e9f8c1366d19122d77841270  x86_64/10.2/RPMS/cdrecord-devel-2.01.01-0.a01.6.1.102mdk.x86_64.rpm
fe2c5214b8e5765326177a606afd8995  x86_64/10.2/RPMS/cdrecord-isotools-2.01.01-0.a01.6.1.102mdk.x86_64.rpm
3f16d1f23475953132c39e73d5a5eb36  x86_64/10.2/RPMS/cdrecord-vanilla-2.01.01-0.a01.6.1.102mdk.x86_64.rpm
d41ca3a964192961a8df1ebc51d74b14  x86_64/10.2/RPMS/mkisofs-2.01.01-0.a01.6.1.102mdk.x86_64.rpm
f3fb0008491fe53605279f76b218cb8d  x86_64/10.2/SRPMS/cdrecord-2.01.01-0.a01.6.1.102mdk.src.rpm

CS2.1 x86_64

 3a2e0f073569f2b3cfebc2048894515a  x86_64/corporate/2.1/RPMS/cdrecord-1.11-0.a32.1.2.C21mdk.x86_64.rpm
71680076240e7ec0166416eb73e7af7a  x86_64/corporate/2.1/RPMS/cdrecord-cdda2wav-1.11-0.a32.1.2.C21mdk.x86_64.rpm
7395c0654192b3bc1cf2ba298c82df46  x86_64/corporate/2.1/RPMS/cdrecord-devel-1.11-0.a32.1.2.C21mdk.x86_64.rpm
9f2de918b15db99cf89e1e6d3c86c24f  x86_64/corporate/2.1/RPMS/cdrecord-dvdhack-1.11-0.a32.1.2.C21mdk.x86_64.rpm
2644ac211232f9a10aa1519b00f5e364  x86_64/corporate/2.1/RPMS/mkisofs-1.15-0.a32.1.2.C21mdk.x86_64.rpm
9d0ad887fde0366818d4efd867a024c3  x86_64/corporate/2.1/SRPMS/cdrecord-1.11-0.a32.1.2.C21mdk.src.rpm

10.0 amd64

 1bc7d6c833f4457fd95f17f98d79015a  amd64/10.0/RPMS/cdrecord-2.01-0.a28.3.100mdk.amd64.rpm
1ddb746abc3a1330b4807a024b3ca9ee  amd64/10.0/RPMS/cdrecord-cdda2wav-2.01-0.a28.3.100mdk.amd64.rpm
ddf466f2357364d42486693b4532240f  amd64/10.0/RPMS/cdrecord-devel-2.01-0.a28.3.100mdk.amd64.rpm
e899df2f7be3e50b0bd59aef795ffa52  amd64/10.0/RPMS/mkisofs-2.01-0.a28.3.100mdk.amd64.rpm
ba546809bbddf8d3034e19a9eb7b302d  amd64/10.0/SRPMS/cdrecord-2.01-0.a28.3.100mdk.src.rpm

10.2 i586

 e88cb26c11fa7db8cc0d635dc3f09746  10.2/RPMS/cdrecord-2.01.01-0.a01.6.1.102mdk.i586.rpm
d581a2787035515872382465d5a0b52d  10.2/RPMS/cdrecord-cdda2wav-2.01.01-0.a01.6.1.102mdk.i586.rpm
96f46be6665c42b4a24f03cdfecda60f  10.2/RPMS/cdrecord-devel-2.01.01-0.a01.6.1.102mdk.i586.rpm
a7abba59fdf0e767c2d6029ea681c457  10.2/RPMS/cdrecord-isotools-2.01.01-0.a01.6.1.102mdk.i586.rpm
51a00a1b64e8ec4ea09b399ebfce1da1  10.2/RPMS/cdrecord-vanilla-2.01.01-0.a01.6.1.102mdk.i586.rpm
33bab4de7eced57809cb3e88fd4da58c  10.2/RPMS/mkisofs-2.01.01-0.a01.6.1.102mdk.i586.rpm
f3fb0008491fe53605279f76b218cb8d  10.2/SRPMS/cdrecord-2.01.01-0.a01.6.1.102mdk.src.rpm

10.1 i586

 794bf04c820b0260d0e694f062c905f2  10.1/RPMS/cdrecord-2.01-1.1.101mdk.i586.rpm
42ec8777385b893d8251599570c36c73  10.1/RPMS/cdrecord-cdda2wav-2.01-1.1.101mdk.i586.rpm
3d058e44f07c83879278baaa495e8450  10.1/RPMS/cdrecord-devel-2.01-1.1.101mdk.i586.rpm
e6a9c9c198b54ea22adc0bd7911cffaf  10.1/RPMS/cdrecord-isotools-2.01-1.1.101mdk.i586.rpm
c1c45207be3fd2ca3aefb58a644bc82a  10.1/RPMS/cdrecord-vanilla-2.01-1.1.101mdk.i586.rpm
37ab3e2083acb6faa1e7b36afe2165a7  10.1/RPMS/mkisofs-2.01-1.1.101mdk.i586.rpm
768f4f60b9790fac5b557746c98e3505  10.1/SRPMS/cdrecord-2.01-1.1.101mdk.src.rpm

10.0 i586

 b76b1f88a021c51f2ed0e01e1655cced  10.0/RPMS/cdrecord-2.01-0.a28.3.100mdk.i586.rpm
647980c29121e4cb656e0786007e6e5c  10.0/RPMS/cdrecord-cdda2wav-2.01-0.a28.3.100mdk.i586.rpm
31e3ed2e746db7f53914d063c4cb1ad0  10.0/RPMS/cdrecord-devel-2.01-0.a28.3.100mdk.i586.rpm
7715dc6d38cf9f89be7ec823ce3ae80a  10.0/RPMS/mkisofs-2.01-0.a28.3.100mdk.i586.rpm
ba546809bbddf8d3034e19a9eb7b302d  10.0/SRPMS/cdrecord-2.01-0.a28.3.100mdk.src.rpm

CS3.0 x86_64

 11a0aaf96ba4ea707fdbe421ad0dd9ad  x86_64/corporate/3.0/RPMS/cdrecord-2.01-0.a28.3.C30mdk.x86_64.rpm
a8ea5673da05ec4bdbbd95e4c85b91e1  x86_64/corporate/3.0/RPMS/cdrecord-cdda2wav-2.01-0.a28.3.C30mdk.x86_64.rpm
384896d7b6ad11ad8eafac6db166ef8e  x86_64/corporate/3.0/RPMS/cdrecord-devel-2.01-0.a28.3.C30mdk.x86_64.rpm
07615c675d0a11b2f4b78db6d2ba2736  x86_64/corporate/3.0/RPMS/mkisofs-2.01-0.a28.3.C30mdk.x86_64.rpm
5f772fbe88aab2ae890b71e46c83976f  x86_64/corporate/3.0/SRPMS/cdrecord-2.01-0.a28.3.C30mdk.src.rpm

CS3.0 i586

 3352fc19b054b565996b0322db3ced25  corporate/3.0/RPMS/cdrecord-2.01-0.a28.3.C30mdk.i586.rpm
46df5e69acd47306efcb732942a0365b  corporate/3.0/RPMS/cdrecord-cdda2wav-2.01-0.a28.3.C30mdk.i586.rpm
8addf58eff5059b2f10daab5766db805  corporate/3.0/RPMS/cdrecord-devel-2.01-0.a28.3.C30mdk.i586.rpm
70c2e71dfaa1f44962a123becf6ec988  corporate/3.0/RPMS/mkisofs-2.01-0.a28.3.C30mdk.i586.rpm
5f772fbe88aab2ae890b71e46c83976f  corporate/3.0/SRPMS/cdrecord-2.01-0.a28.3.C30mdk.src.rpm

CS2.1 i586

 41f690bdc4e9ed38a5e07b441dc68e2e  corporate/2.1/RPMS/cdrecord-1.11-0.a32.1.2.C21mdk.i586.rpm
21fd0a4f61d96d8099bfc7e420078997  corporate/2.1/RPMS/cdrecord-cdda2wav-1.11-0.a32.1.2.C21mdk.i586.rpm
a88c902c395ab6922bd187bdb89f9f37  corporate/2.1/RPMS/cdrecord-devel-1.11-0.a32.1.2.C21mdk.i586.rpm
a256764d4fa4206aa252b6abb9826a07  corporate/2.1/RPMS/cdrecord-dvdhack-1.11-0.a32.1.2.C21mdk.i586.rpm
3afc5d3ae2642fc622ba33a70982f22b  corporate/2.1/RPMS/mkisofs-1.15-0.a32.1.2.C21mdk.i586.rpm
9d0ad887fde0366818d4efd867a024c3  corporate/2.1/SRPMS/cdrecord-1.11-0.a32.1.2.C21mdk.src.rpm

10.1 x86_64

 e8480e54f0ceb69ad4b24ef8a708a9b9  x86_64/10.1/RPMS/cdrecord-2.01-1.1.101mdk.x86_64.rpm
6599dacd7cc7f2348afc4b163f958364  x86_64/10.1/RPMS/cdrecord-cdda2wav-2.01-1.1.101mdk.x86_64.rpm
1701e03afa8804c5c98322a90af10ba5  x86_64/10.1/RPMS/cdrecord-devel-2.01-1.1.101mdk.x86_64.rpm
2cfb1b7cd36e366f9f869934a580a996  x86_64/10.1/RPMS/cdrecord-isotools-2.01-1.1.101mdk.x86_64.rpm
77cbb47faa8da69d4757043a50163c97  x86_64/10.1/RPMS/cdrecord-vanilla-2.01-1.1.101mdk.x86_64.rpm
1ecb8362b876ba63d81bafc0079db541  x86_64/10.1/RPMS/mkisofs-2.01-1.1.101mdk.x86_64.rpm
768f4f60b9790fac5b557746c98e3505  x86_64/10.1/SRPMS/cdrecord-2.01-1.1.101mdk.src.rpm

References