-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2004-26
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original release date : 16 Sep 2004
Last revised : 16 Sep 2004
Package : cdrtools
Summary : cdrecord does not drop euid before exec()ing the $RSH program
More information :
cdrtools is a collection of CD/DVD utilities.
cdrecord, which is installed set-uid root, fails to drop its effective
UID (root, euid=0) before it exec()s the program that the user specifies
via the $RSH environment variable.
Impact :
Allows local users to gain root privileges.
Affected Products :
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 F...
- Turbolinux 10 Desktop
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Desktop, Turbolinux 10 F...]
# zabom -u cdda2wav cdrtools cdrtools-devel mkisofs
---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size : MD5
cdrtools-2.0-9.src.rpm
2103029 be1b3126c773b8a07a6e078f2c425aa3
Binary Packages
Size : MD5
cdrtools-2.0-9.i586.rpm
672260 4f04c73f06d9a1c524806a48c59795a4
cdrtools-devel-2.0-9.i586.rpm
496602 f0dc69e2525aef9be1b677ef32a5ea89
mkisofs-2.0-9.i586.rpm
478674 de3ae493f085d7e841d8336f61b66cf1
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages
Size : MD5
cdrtools-2.0-9.src.rpm
2103029 f28d29b94dc9517406a59fd8d934c7f9
Binary Packages
Size : MD5
cdrtools-2.0-9.i586.rpm
671704 30173aba8f73337bf875fc095c855979
cdrtools-devel-2.0-9.i586.rpm
496706 3c6fdc57dbd94f28736fae3fa4f74853
mkisofs-2.0-9.i586.rpm
478790 0b0c20e1c5f84e670e211164fc8efe70
<Turbolinux 10 Desktop, Turbolinux 10 F...>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/cdrtools-2.0-9.src.rpm
2103029 aa0d05ec9760f08ca21ba230e73112d9
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/cdda2wav-2.0-9.i586.rpm
166032 ff43311dc4cb87048a59e6147c6105a5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/cdrtools-2.0-9.i586.rpm
666550 5a77cc19f9cf1f58fa5dc51f04ceb18b
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/cdrtools-devel-2.0-9.i586.rpm
497339 de65b8f21cdf636408cddc04f0f3ef1b
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/mkisofs-2.0-9.i586.rpm
479449 a4a719a4a593cff75eb62ec5a337f1a9
References:
CVE
[CAN-2004-0806]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0806
--------------------------------------------------------------------------
Revision History
16 Sep 2004 Initial release
--------------------------------------------------------------------------
Copyright(C) 2004 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFBSHjYK0LzjOqIJMwRAh6sAJ9mJeQvyh7rEr0K67sstZGCxQaO4ACgrJwL
TG7auX67FkGqHaCOwGefhFU=
=cZCb
-----END PGP SIGNATURE-----