Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 635
Alerts This Week
Warning Icon 1 635

Gentoo: 202305-06.1 Critical Alert on Cdrtools Security Vulnerability Risk

gentoo
Calendar Grey May 18, 2003
Dist Gentoo Esm H88
An alarming vulnerability within cdrtools allows unauthorized privilege escalation; Gentoo users must promptly upgrade to reduce potential threats.
Incorrect link fixed

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-06.1
- - ---------------------------------------------------------------------
		    =cdrtools-1.11.39-r1

- - ---------------------------------------------------------------------
Last advisory had the wrong url to the advisory.
--
Cdrecord isn't installed setuid root by default in Gentoo.
Read the full advisory at http://marc.theaimsgroup.com/?l=bugtraq&m=105285564307225&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running app-cdr/cdrtools upgrade to one of the following versions: for users running xcdroast: cdrtools-1.11.33-r1 for sparc users: cdrtools-1.11.39-r1 for everyone else: cdrtools-2.01_alpha14
emerge sync emerge \=app-cdr/ emerge clean
- - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at - - ---------------------------------------------------------------------
...

Read the Full Advisory

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

PACKAGE : cdrtools
SUMMARY : privelige escalation
DATE : 2003-05-18 12:18 UTC
EXPLOIT : local
VERSIONS AFFECTED : =cdrtools-2.01_alpha14, =cdrtools-1.11.33-r1,
CVE : CAN-2003-0289

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround