From martin.pitt@canonical.com Thu Mar 24 05:31:49 2005 From: Martin Pitt To: ubuntu-security-announce@lists.ubuntu.com Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com Date: Thu, 24 Mar 2005 11:26:50 +0100 Subject: [Full-disclosure] [USN-100-1] cdrecord vulnerability =========================================================== Ubuntu Security Notice USN-100-1 March 24, 2005 cdrtools vulnerability http://bugs.debian.org/291376 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: cdrecord The problem can be corrected by upgrading the affected package to version 4:2.0+a30.pre1-1ubuntu2.2. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Javier Fernández-Sanguino Peña noticed that cdrecord created temporary files in an insecure manner if DEBUG was enabled in /etc/cdrecord/rscsi. If the default value was used (which stored the debug output file in /tmp), this could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking cdrecord. Please note that DEBUG is not enabled by default in Ubuntu, so if you did not explicitly enable it, this does not affect you. Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrtools_2.0+a30.pre1-1ubuntu2.2.diff.gz Size/MD5: 106610 ecb116b3a798172cf2bacc0ea4da66ac http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrtools_2.0+a30.pre1-1ubuntu2.2.dsc Size/MD5: 767 62cb5678e5acb26ae30af99f932d518f http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrtools_2.0+a30.pre1.orig.tar.gz Size/MD5: 1703614 082abd117c60736d059ffec0997ca841 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrtools-doc_2.0+a30.pre1-1ubuntu2.2_all.deb Size/MD5: 263578 d0637afd43c64ac57a1a2f723c76b315 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2.0+a30.pre1-1ubuntu2.2_amd64.deb Size/MD5: 167916 14e2eacf9cbf98ea359e054a2b4973eb http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a30.pre1-1ubuntu2.2_amd64.deb Size/MD5: 587930 0885cf227459e4965c5fe15d3460b0ab http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30.pre1-1ubuntu2.2_amd64.deb Size/MD5: 345540 fc3bf20dc1ee51adb4d06220d5be5af6 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2.0+a30.pre1-1ubuntu2.2_i386.deb Size/MD5: 150710 51913b96e540e9d7716f532081390dcc http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a30.pre1-1ubuntu2.2_i386.deb Size/MD5: 544086 da2c20b5e9805e7328a5717a3cec8e76 http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30.pre1-1ubuntu2.2_i386.deb Size/MD5: 306926 8085524e3defd5e9aa21cf8f379f311c powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2.0+a30.pre1-1ubuntu2.2_powerpc.deb Size/MD5: 167712 01103ab30ed47382880b3003a77a3e8c http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a30.pre1-1ubuntu2.2_powerpc.deb Size/MD5: 591270 d4153964a3c477115678032e44a84b3c http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30.pre1-1ubuntu2.2_powerpc.deb Size/MD5: 348888 94e52829ee12a455517bfae4f88273ea [ Part 1.2, "Digital signature" Application/PGP-SIGNATURE ] [ 196bytes. ] [ Unable to print this part. ] [ Part 2: "Attached Text" ] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/