发布时间 :2005-05-02 00:00:00
修订时间 :2008-09-10 15:37:17

[原文]cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

[CNNVD]CDRTools CDRecord本地不安全文件创建漏洞(CNNVD-200505-743)


- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源

- 漏洞信息

CDRTools CDRecord本地不安全文件创建漏洞
低危 设计错误
2005-05-02 00:00:00 2005-10-20 00:00:00

- 公告与补丁

        CDRTools CDRecord 1.11
        Mandriva cdrecord-1.11-0.a32.1.2.C21mdk.i586.rpm
        Mandrake Corporate Server 2.1
        Mandriva cdrecord-1.11-0.a32.1.2.C21mdk.x86_64.rpm
        Mandrake Corporate Server 2.1/x86_64
        Mandriva cdrecord-cdda2wav-1.11-0.a32.1.2.C21mdk.i586.rpm
        Mandrake Corporate Server 2.1
        Mandriva cdrecord-cdda2wav-1.11-0.a32.1.2.C21mdk.x86_64.rpm
        Mandrake Corporate Server 2.1/x86_64
        Mandriva cdrecord-devel-1.11-0.a32.1.2.C21mdk.i586.rpm
        Mandrake Corporate Server 2.1
        Mandriva cdrecord-devel-1.11-0.a32.1.2.C21mdk.x86_64.rpm
        Mandrake Corporate Server 2.1/x86_64
        Mandriva cdrecord-dvdhack-1.11-0.a32.1.2.C21mdk.i586.rpm
        Mandrake Corporate Server 2.1
        Mandriva cdrecord-dvdhack-1.11-0.a32.1.2.C21mdk.x86_64.rpm
        Mandrake Corporate Server 2.1/x86_64
        Mandriva mkisofs-1.15-0.a32.1.2.C21mdk.i586.rpm
        Mandrake Corporate Server 2.1
        Mandriva mkisofs-1.15-0.a32.1.2.C21mdk.x86_64.rpm
        Mandrake Corporate Server 2.1/x86_64
        CDRTools CDRTools 2.0
        Ubuntu cdda2wav_2.0+a30.pre1-1ubuntu2.2_amd64.deb
        Ubuntu 4.10 (Warty Warthog) 0+a30.pre1-1ubuntu2.2_amd64.deb
        Ubuntu cdda2wav_2.0+a30.pre1-1ubuntu2.2_i386.deb
        Ubuntu 4.10 (Warty Warthog) 0+a30.pre1-1ubuntu2.2_i386.deb
        Ubuntu cdda2wav_2.0+a30.pre1-1ubuntu2.2_powerpc.deb
        Ubuntu 4.10 (Warty Warthog) 0+a30.pre1-1ubuntu2.2_powerpc.deb
        Ubuntu cdrecord_2.0+a30.pre1-1ubuntu2.2_amd64.deb
        Ubuntu 4.10 (Warty Warthog) 0.pre1-1ubuntu2.2_amd64.deb
        Ubuntu cdrecord_2.0+a30.pre1-1ubuntu2.2_i386.deb
        Ubuntu 4.10 (Warty Warthog) 0.pre1-1ubuntu2.2_i386.deb
        Ubuntu cdrecord_2.0+a30.pre1-1ubuntu2.2_powerpc.deb
        Ubuntu 4.10 (Warty Warthog) 0.pre1-1ubuntu2.2_powerpc.deb
        Ubuntu cdrtools-doc_2.0+a30.pre1-1ubuntu2.2_all.deb
        Ubuntu 4.10 (Warty Warthog) 0+a30.pre1-1ubuntu2.2_all.deb
        Ubuntu mkisofs_2.0+a30.pre1-1ubuntu2.2_amd64.deb
        Ubuntu 4.10 (Warty Warthog) .pre1-1ubuntu2.2_amd64.deb
        Ubuntu mkisofs_2.0+a30.pre1-1ubuntu2.2_i386.deb
        Ubuntu 4.10 (Warty Warthog) .pre1-1ubuntu2.2_i386.deb
        Ubuntu mkisofs_2.0+a30.pre1-1ubuntu2.2_powerpc.deb
        Ubuntu 4.10 (Warty Warthog) .pre1-1ubuntu2.2_powerpc.deb
        CDRTools CDRTools 2.0.1
        Mandriva cdrecord-2.01-0.a28.3.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        Mandriva cdrecord-2.01-0.a28.3.100mdk.i586.rpm
        Mandrake Linux 10.0
        Mandriva cdrecord-2.01-0.a28.3.C30mdk.i586.rpm
        Mandrake Corporate Server 3.0
        Mandriva cdrecord-2.01-0.a28.3.C30mdk.x86_64.rpm
        Mandrake Corporate Server 3.0
        Mandriva cdrecord-2.01-1.1.101mdk.i586.rpm
        Mandrake Linux 10.1
        Mandriva cdrecord-2.01-1.1.101mdk.x86_64.rpm
        Mandrake Linux 10.1/x86_64
        Mandriva cdrecord-2.01.01-0.a01.6.1.102mdk.i586.rpm
        Mandrake Linux 10.2
        Mandriva cdrecord-2.01.01-0.

- 漏洞信息

cdrtools DEBUG Mode Symlink Privilege Escalation
Local Access Required Race Condition

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-03-30 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

CDRTools CDRecord Local Insecure File Creation Vulnerability
Design Error 12891
No Yes
2005-03-24 12:00:00 2009-07-12 11:56:00
Javier Fernandez-Sanguino Pena is credited with the discovery of this issue.

- 受影响的程序版本

CDRTools CDRTools 2.0.1
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
CDRTools CDRTools 2.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
CDRTools CDRecord 1.11
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2

- 漏洞讨论

A local insecure file creation vulnerability affects cdrtools cdrecord. This issue is due to a failure of the application to securely create and write to various files.

An attacker may leverage this issue to corrupt arbitrary files with the privileges of an unsuspecting user that activates the application.

- 漏洞利用

No exploit is required to leverage this issue.

- 解决方案

Ubuntu linux has released an advisory (USN-100-1) along with fixes dealing with this issue. Please see the reference section for more information.

Mandriva has released advisory MDKSA-2005:077 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

CDRTools CDRecord 1.11

CDRTools CDRTools 2.0

CDRTools CDRTools 2.0.1

- 相关参考