Date: Thu Mar 24 10:26:57 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-100-1] cdrecord vulnerability

===========================================================
Ubuntu Security Notice USN-100-1	     March 24, 2005
cdrtools vulnerability
http://bugs.debian.org/291376
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

cdrecord

The problem can be corrected by upgrading the affected package to
version 4:2.0+a30.pre1-1ubuntu2.2.  In general, a standard system
upgrade is sufficient to effect the necessary changes.

Details follow:

Javier Fern?ndez-Sanguino Pe?a noticed that cdrecord created temporary
files in an insecure manner if DEBUG was enabled in
/etc/cdrecord/rscsi. If the default value was used (which stored the
debug output file in /tmp), this could allow a symbolic link attack to
create or overwrite arbitrary files with the privileges of the user
invoking cdrecord.

Please note that DEBUG is not enabled by default in Ubuntu, so if you
did not explicitly enable it, this does not affect you.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrtools_2.0+a30.pre1-1ubuntu2.2.diff.gz
      Size/MD5:   106610 ecb116b3a798172cf2bacc0ea4da66ac
    http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrtools_2.0+a30.pre1-1ubuntu2.2.dsc
      Size/MD5:      767 62cb5678e5acb26ae30af99f932d518f
    http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrtools_2.0+a30.pre1.orig.tar.gz
      Size/MD5:  1703614 082abd117c60736d059ffec0997ca841

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrtools-doc_2.0+a30.pre1-1ubuntu2.2_all.deb
      Size/MD5:   263578 d0637afd43c64ac57a1a2f723c76b315

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2.0+a30.pre1-1ubuntu2.2_amd64.deb
      Size/MD5:   167916 14e2eacf9cbf98ea359e054a2b4973eb
    http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a30.pre1-1ubuntu2.2_amd64.deb
      Size/MD5:   587930 0885cf227459e4965c5fe15d3460b0ab
    http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30.pre1-1ubuntu2.2_amd64.deb
      Size/MD5:   345540 fc3bf20dc1ee51adb4d06220d5be5af6

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2.0+a30.pre1-1ubuntu2.2_i386.deb
      Size/MD5:   150710 51913b96e540e9d7716f532081390dcc
    http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a30.pre1-1ubuntu2.2_i386.deb
      Size/MD5:   544086 da2c20b5e9805e7328a5717a3cec8e76
    http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30.pre1-1ubuntu2.2_i386.deb
      Size/MD5:   306926 8085524e3defd5e9aa21cf8f379f311c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2.0+a30.pre1-1ubuntu2.2_powerpc.deb
      Size/MD5:   167712 01103ab30ed47382880b3003a77a3e8c
    http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a30.pre1-1ubuntu2.2_powerpc.deb
      Size/MD5:   591270 d4153964a3c477115678032e44a84b3c
    http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30.pre1-1ubuntu2.2_powerpc.deb
      Size/MD5:   348888 94e52829ee12a455517bfae4f88273ea
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050324/478d3210/attachment.bin

Powered by blists - more mailing lists