What Are You Looking For?

Sign Up

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-06
- - ---------------------------------------------------------------------

          PACKAGE : cdrtools
          SUMMARY : privelige escalation
             DATE : 2003-05-17 14:07 UTC
          EXPLOIT : local
VERSIONS AFFECTED : =cdrtools-2.01_alpha14, =cdrtools-1.11.33-r1,
		    =cdrtools-1.11.39-r1
              CVE : CAN-2003-0289

- - ---------------------------------------------------------------------

Cdrecord isn't installed setuid root by default in Gentoo.

Read the full advisory at 
https://marc.theaimsgroup.com/?l=bugtraq&m=105285351304781&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-cdr/cdrtools upgrade to one of the following versions:
for users running xcdroast: cdrtools-1.11.33-r1
for sparc users: cdrtools-1.11.39-r1
for everyone else: cdrtools-2.01_alpha14

emerge sync
emerge \=app-cdr/
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- - ---------------------------------------------------------------------

Gentoo: cdrtools privlege escalation vulnerability

A vulnerability in cdrecord that could lead to a root compromise was discovered

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-06
- - ---------------------------------------------------------------------
		    =cdrtools-1.11.39-r1

- - ---------------------------------------------------------------------

Cdrecord isn't installed setuid root by default in Gentoo.

Read the full advisory at 
https://marc.theaimsgroup.com/?l=bugtraq&m=105285351304781&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-cdr/cdrtools upgrade to one of the following versions:
for users running xcdroast: cdrtools-1.11.33-r1
for sparc users: cdrtools-1.11.39-r1
for everyone else: cdrtools-2.01_alpha14

emerge sync
emerge \=app-cdr/
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- - ---------------------------------------------------------------------

Resolution

References

Availability

Concerns

Severity
PACKAGE : cdrtools
SUMMARY : privelige escalation
DATE : 2003-05-17 14:07 UTC
EXPLOIT : local
VERSIONS AFFECTED : =cdrtools-2.01_alpha14, =cdrtools-1.11.33-r1,
CVE : CAN-2003-0289

Synopsis

Background

Affected Packages

Impact

Workaround

Related News

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

From Heartbleed to Now: Evolving Threats in OpenSSL and How to Guard Against Them

Nov 17, 2023

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

Nov 25, 2023

Severe Chromium Bug Threatens Sensitive Data, System Availability

Nov 13, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo