Turbolinux Local Security Tests : Turbolinux TLSA-2004-26 (cdrtools)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52899

Categoría: Turbolinux Local Security Tests

Título: Turbolinux TLSA-2004-26 (cdrtools)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to cdrtools
announced via advisory TLSA-2004-26.

cdrtools is a collection of CD/DVD utilities.

cdrecord, which is set-uid root, fails to drop the effective UID (of
root -- euid=0) when it exec()s a program specified by the user via the
$RSH environment variable.

Allows local users to gain root privileges.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2004-26

Risk factor : High

CVSS Score:
7.2

Referencia Cruzada: BugTraq ID: 11075
Common Vulnerability Exposure (CVE) ID: CVE-2004-0806
http://www.securityfocus.org/bid/11075
Bugtraq: 20040909 Bugtraq: cdrecord local root exploit (Google Search)
http://seclists.org/lists/bugtraq/2004/Sep/0097.html
Bugtraq: 20040910 CAU-EX-2004-0002: cdrecord-suidshell.sh (Google Search)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-09/0108.html
CERT/CC vulnerability note: VU#700326
http://www.kb.cert.org/vuls/id/700326
https://bugzilla.fedora.us/show_bug.cgi?id=2058
http://www.mandriva.com/security/advisories?name=MDKSA-2004:091
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9805
http://securitytracker.com/id?1011091
http://secunia.com/advisories/12481/
http://secunia.com/advisories/19532
SGI Security Advisory: 20060401-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
XForce ISS Database: cdrecord-rsh-gain-privileges(17303)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17303

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52899
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2004-26 (cdrtools)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to cdrtools announced via advisory TLSA-2004-26. cdrtools is a collection of CD/DVD utilities. cdrecord, which is set-uid root, fails to drop the effective UID (of root -- euid=0) when it exec()s a program specified by the user via the $RSH environment variable. Allows local users to gain root privileges. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2004-26 Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	BugTraq ID: 11075 Common Vulnerability Exposure (CVE) ID: CVE-2004-0806 http://www.securityfocus.org/bid/11075 Bugtraq: 20040909 Bugtraq: cdrecord local root exploit (Google Search) http://seclists.org/lists/bugtraq/2004/Sep/0097.html Bugtraq: 20040910 CAU-EX-2004-0002: cdrecord-suidshell.sh (Google Search) http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-09/0108.html CERT/CC vulnerability note: VU#700326 http://www.kb.cert.org/vuls/id/700326 https://bugzilla.fedora.us/show_bug.cgi?id=2058 http://www.mandriva.com/security/advisories?name=MDKSA-2004:091 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9805 http://securitytracker.com/id?1011091 http://secunia.com/advisories/12481/ http://secunia.com/advisories/19532 SGI Security Advisory: 20060401-01-U ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U XForce ISS Database: cdrecord-rsh-gain-privileges(17303) https://exchange.xforce.ibmcloud.com/vulnerabilities/17303
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com