Vulnerability Bulletins |
Compromiso root local a través de cdrecord |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Compromiso Root |
| Dificulty | Principiante |
| Required attacker level | Acceso remoto con cuenta |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | cdrecord |
Description |
|
|
Se ha descubierto una vulnerabilidad en el programa cdrecord. La vulnerabilidad reside en que este programa tiene activado el bit suid root y no abandona los privilegios de root (euid=0) cuando hace un exec() de un programa especificado por el usuario a través de la variable de entorno $RSH. La explotación de esta vulnerabilidad podría permitir a un atacante local obtener privilegios de root. |
|
Solution |
|
|
Actualización de software Mandrake Linux Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/cdrecord-2.01-0.a28.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/cdrecord-cdda2wav-2.01-0.a28.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/cdrecord-devel-2.01-0.a28.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/mkisofs-2.01-0.a28.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/cdrecord-2.01-0.a28.2.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/cdrecord-2.01-0.a28.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/cdrecord-cdda2wav-2.01-0.a28.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/cdrecord-devel-2.01-0.a28.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/mkisofs-2.01-0.a28.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/cdrecord-2.01-0.a28.2.100mdk.src.rpm Mandrakelinux 9.2 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/cdrecord-2.01-0.a18.2.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/cdrecord-cdda2wav-2.01-0.a18.2.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/cdrecord-devel-2.01-0.a18.2.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/mkisofs-2.01-0.a18.2.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/cdrecord-2.01-0.a18.2.1.92mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/cdrecord-2.01-0.a18.2.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/cdrecord-cdda2wav-2.01-0.a18.2.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/cdrecord-devel-2.01-0.a18.2.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/mkisofs-2.01-0.a18.2.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/cdrecord-2.01-0.a18.2.1.92mdk.src.rpm SCO UnixWare 7.1.4 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.20/cdrtools.pkg SGI Advanced Linux Environment 3 / RPM / Patch 10291 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS Advanced Linux Environment 3 / SRPM / Patch 10291 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2004-0806 |
| BID | |
Other resources |
|
|
Mandrakesoft Security Advisory MDKSA-2004:091 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:091 SCO Security Advisory SCOSA-2005.20 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.20/SCOSA-2005.20.txt SGI Security Advisory (20060401-01-U) ftp://patches.sgi.com/support/free/security/advisories/20060401-01.U.asc |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2004-09-08 |
| 2.0 | Exploit público disponible | 2004-09-10 |
| 2.1 | Aviso emitido por SCO (SCOSA-2005.20) | 2005-04-08 |
| 2.2 | Aviso emitido por SGI (20060401-01-U) | 2006-04-05 |