[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050324102650.GB2505@box79162.elkhouse.de>
Date: Thu, 24 Mar 2005 11:26:50 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-100-1] cdrecord vulnerability
===========================================================
Ubuntu Security Notice USN-100-1 March 24, 2005
cdrtools vulnerability
http://bugs.debian.org/291376
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
cdrecord
The problem can be corrected by upgrading the affected package to
version 4:2.0+a30.pre1-1ubuntu2.2. In general, a standard system
upgrade is sufficient to effect the necessary changes.
Details follow:
Javier Fernández-Sanguino Peña noticed that cdrecord created temporary
files in an insecure manner if DEBUG was enabled in
/etc/cdrecord/rscsi. If the default value was used (which stored the
debug output file in /tmp), this could allow a symbolic link attack to
create or overwrite arbitrary files with the privileges of the user
invoking cdrecord.
Please note that DEBUG is not enabled by default in Ubuntu, so if you
did not explicitly enable it, this does not affect you.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrtools_2.0+a30.pre1-1ubuntu2.2.diff.gz
Size/MD5: 106610 ecb116b3a798172cf2bacc0ea4da66ac
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrtools_2.0+a30.pre1-1ubuntu2.2.dsc
Size/MD5: 767 62cb5678e5acb26ae30af99f932d518f
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrtools_2.0+a30.pre1.orig.tar.gz
Size/MD5: 1703614 082abd117c60736d059ffec0997ca841
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrtools-doc_2.0+a30.pre1-1ubuntu2.2_all.deb
Size/MD5: 263578 d0637afd43c64ac57a1a2f723c76b315
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2.0+a30.pre1-1ubuntu2.2_amd64.deb
Size/MD5: 167916 14e2eacf9cbf98ea359e054a2b4973eb
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a30.pre1-1ubuntu2.2_amd64.deb
Size/MD5: 587930 0885cf227459e4965c5fe15d3460b0ab
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30.pre1-1ubuntu2.2_amd64.deb
Size/MD5: 345540 fc3bf20dc1ee51adb4d06220d5be5af6
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2.0+a30.pre1-1ubuntu2.2_i386.deb
Size/MD5: 150710 51913b96e540e9d7716f532081390dcc
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a30.pre1-1ubuntu2.2_i386.deb
Size/MD5: 544086 da2c20b5e9805e7328a5717a3cec8e76
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30.pre1-1ubuntu2.2_i386.deb
Size/MD5: 306926 8085524e3defd5e9aa21cf8f379f311c
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2.0+a30.pre1-1ubuntu2.2_powerpc.deb
Size/MD5: 167712 01103ab30ed47382880b3003a77a3e8c
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a30.pre1-1ubuntu2.2_powerpc.deb
Size/MD5: 591270 d4153964a3c477115678032e44a84b3c
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30.pre1-1ubuntu2.2_powerpc.deb
Size/MD5: 348888 94e52829ee12a455517bfae4f88273ea
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists