Boletines de Vulnerabilidades |
Compromiso root local a través de cdrecord |
|
Clasificación de la vulnerabilidad |
|
Propiedad | Valor |
Nivel de Confianza | Oficial |
Impacto | Compromiso Root |
Dificultad | Principiante |
Requerimientos del atacante | Acceso remoto con cuenta |
Información sobre el sistema |
|
Propiedad | Valor |
Fabricant afectat | GNU/Linux |
Software afectado | cdrecord |
Descripción |
|
Se ha descubierto una vulnerabilidad en el programa cdrecord. La vulnerabilidad reside en que este programa tiene activado el bit suid root y no abandona los privilegios de root (euid=0) cuando hace un exec() de un programa especificado por el usuario a través de la variable de entorno $RSH. La explotación de esta vulnerabilidad podría permitir a un atacante local obtener privilegios de root. |
|
Solución |
|
Actualización de software Mandrake Linux Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/cdrecord-2.01-0.a28.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/cdrecord-cdda2wav-2.01-0.a28.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/cdrecord-devel-2.01-0.a28.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/mkisofs-2.01-0.a28.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/cdrecord-2.01-0.a28.2.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/cdrecord-2.01-0.a28.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/cdrecord-cdda2wav-2.01-0.a28.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/cdrecord-devel-2.01-0.a28.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/mkisofs-2.01-0.a28.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/cdrecord-2.01-0.a28.2.100mdk.src.rpm Mandrakelinux 9.2 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/cdrecord-2.01-0.a18.2.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/cdrecord-cdda2wav-2.01-0.a18.2.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/cdrecord-devel-2.01-0.a18.2.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/mkisofs-2.01-0.a18.2.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/cdrecord-2.01-0.a18.2.1.92mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/cdrecord-2.01-0.a18.2.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/cdrecord-cdda2wav-2.01-0.a18.2.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/cdrecord-devel-2.01-0.a18.2.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/mkisofs-2.01-0.a18.2.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/cdrecord-2.01-0.a18.2.1.92mdk.src.rpm SCO UnixWare 7.1.4 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.20/cdrtools.pkg SGI Advanced Linux Environment 3 / RPM / Patch 10291 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS Advanced Linux Environment 3 / SRPM / Patch 10291 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS |
|
Identificadores estándar |
|
Propiedad | Valor |
CVE | CAN-2004-0806 |
BID | |
Recursos adicionales |
|
Mandrakesoft Security Advisory MDKSA-2004:091 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:091 SCO Security Advisory SCOSA-2005.20 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.20/SCOSA-2005.20.txt SGI Security Advisory (20060401-01-U) ftp://patches.sgi.com/support/free/security/advisories/20060401-01.U.asc |
Histórico de versiones |
||
Versión | Comentario | Data |
1.0 | Aviso emitido | 2004-09-08 |
2.0 | Exploit público disponible | 2004-09-10 |
2.1 | Aviso emitido por SCO (SCOSA-2005.20) | 2005-04-08 |
2.2 | Aviso emitido por SGI (20060401-01-U) | 2006-04-05 |