![[LWN Logo]](/images/lwn.banner.gif)
Date: Wed, 7 Jun 2000 14:51:01 -0300 From: Sergio Bruder <bruder@conectiva.com.br> To: lwn@lwn.net, bos@sekure.org, bugtraq@securityfocus.com Subject: Conectiva Linux Security Announcement - cdrecord CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE: cdrecord SUMMARY : Buffer overflow, no effect on default installation DATE : 2000-JUN-07 AFFECTED CONECTIVA VERSIONS : 5.0 DESCRIPTION The cdrecord program has a buffer overflow problem in the processing of the command-line argument "dev=". By exploring this vulnerability, a local user could make the program execute arbitrary commands. Conectiva Linux doesn't ship this binary with the SUID or SGID bits turned on. So, the vulnerability's extent is greatly reduced, not having the effect of granting higher user privileges. SOLUTION If the user needs to activate the SUID or SGID bits for the cdrecord binary, then an upgrade is strongly recommended. The updated packages are listed below. DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES: ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/cdda2wav-1.8-2cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/cdrecord-1.8-2cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/cdrecord-devel-1.8-2cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/mkisofs-1.8-2cl.i386.rpm SOURCE RPM PACKAGES ARE ALSO AVAILABLE: ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/cdda2wav-1.8-2cl.src.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/cdrecord-1.8-2cl.src.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/cdrecord-devel-1.8-2cl.src.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/mkisofs-1.8-2cl.src.rpm All packages are signed with Conectiva's PGP key. The key can be obtained at http://www.conectiva.com.br/conectiva/contato.html Information on how to install and/or upgrade RPM packages, and location of mirror sites, can be found at http://www.conectiva.com.br/atualizacoes ---------------------------------------------------------------------- subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br