From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200409-18.xml | 73 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 metadata/glsa/glsa-200409-18.xml (limited to 'metadata/glsa/glsa-200409-18.xml') diff --git a/metadata/glsa/glsa-200409-18.xml b/metadata/glsa/glsa-200409-18.xml new file mode 100644 index 000000000000..99683ad32d8e --- /dev/null +++ b/metadata/glsa/glsa-200409-18.xml @@ -0,0 +1,73 @@ + + + + cdrtools: Local root vulnerability in cdrecord if set SUID root + + cdrecord, if manually set SUID root, is vulnerable to a local root exploit + allowing users to escalate privileges. + + cdrtools + 2004-09-14 + 2004-09-14: 01 + 63187 + local + + + 2.01_alpha37-r1 + 2.01_alpha28-r2 + 2.01_alpha37 + + + +

+ The cdrtools package is a set of tools for CD recording, including the + popular cdrecord command-line utility. +

+ + +

+ Max Vozeler discovered that the cdrecord utility, when set to SUID root, + fails to drop root privileges before executing a user-supplied RSH program. + By default, Gentoo does not ship the cdrecord utility as SUID root and + therefore is not vulnerable. However, many users (and CD-burning + front-ends) set this manually after installation. +

+ + +

+ A local attacker could specify a malicious program using the $RSH + environment variable and have it executed by the SUID cdrecord, resulting + in root privileges escalation. +

+ + +

+ As a workaround, you could remove the SUID rights from your cdrecord + utility : +

+ + # chmod a-s /usr/bin/cdrecord + + +

+ All cdrtools users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=app-cdr/cdrtools-2.01_alpha37-r1" + # emerge ">=app-cdr/cdrtools-2.01_alpha37-r1" + + + CAN-2004-0806 + + + jaervosz + + + koon + + + jaervosz + + -- cgit v1.2.3