From security@mandriva.com Thu May 19 00:35:00 2005 From: Mandriva Security Team To: full-disclosure@lists.grok.org.uk Date: Wed, 18 May 2005 22:24:48 -0600 Subject: [Full-disclosure] MDKSA-2005:089 - Updated cdrdao packages fix local root vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Update Advisory _______________________________________________________________________ Package name: cdrdao Advisory ID: MDKSA-2005:089 Date: May 18th, 2005 Affected versions: 10.0, 10.1, 10.2, Corporate 3.0 ______________________________________________________________________ Problem Description: The cdrdao package contains two vulnerabilities; the first allows local users to read arbitrary files via the show-data command and the second allows local users to overwrite arbitrary files via a symlink attack on the ~/.cdrdao configuration file. This can also lead to elevated privileges (a root shell) due to cdrdao being installed suid root. The provided packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0137 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0138 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0: 1b7ae1dad185d083ed25987ccce21ad0 10.0/RPMS/cdrdao-1.1.8-2.2.100mdk.i586.rpm 87a92365c35931b3023188da4089c482 10.0/RPMS/cdrdao-gcdmaster-1.1.8-2.2.100mdk.i586.rpm 0fd4754121b926a84fae47bf1e4c6133 10.0/SRPMS/cdrdao-1.1.8-2.2.100mdk.src.rpm Mandrakelinux 10.0/AMD64: cea5f48ae2bcc67e161da98e41b55134 amd64/10.0/RPMS/cdrdao-1.1.8-2.2.100mdk.amd64.rpm c8b85327b50ebb68e3fab34476b1b3cb amd64/10.0/RPMS/cdrdao-gcdmaster-1.1.8-2.2.100mdk.amd64.rpm 0fd4754121b926a84fae47bf1e4c6133 amd64/10.0/SRPMS/cdrdao-1.1.8-2.2.100mdk.src.rpm Mandrakelinux 10.1: 61ab4f7af380c2b46acac4dcfa1f893a 10.1/RPMS/cdrdao-1.1.9-6.1.101mdk.i586.rpm 9c8463a1c170c1b189e0dd9a68be07d9 10.1/RPMS/cdrdao-gcdmaster-1.1.9-6.1.101mdk.i586.rpm 050a81b90551f9ef454904e55a160a9d 10.1/SRPMS/cdrdao-1.1.9-6.1.101mdk.src.rpm Mandrakelinux 10.1/X86_64: a2424f9595ddcb10aca667a35523ae20 x86_64/10.1/RPMS/cdrdao-1.1.9-6.1.101mdk.x86_64.rpm ce08ea93c55311d7585dcf72d62add3a x86_64/10.1/RPMS/cdrdao-gcdmaster-1.1.9-6.1.101mdk.x86_64.rpm 050a81b90551f9ef454904e55a160a9d x86_64/10.1/SRPMS/cdrdao-1.1.9-6.1.101mdk.src.rpm Mandrakelinux 10.2: b073077b108528d1ceed5681acf46f8c 10.2/RPMS/cdrdao-1.1.9-7.1.102mdk.i586.rpm 0077a3948564abc01ab2dc935268b443 10.2/RPMS/cdrdao-gcdmaster-1.1.9-7.1.102mdk.i586.rpm cb1265c4a12964fa5fbf42a7fb2361df 10.2/SRPMS/cdrdao-1.1.9-7.1.102mdk.src.rpm Mandrakelinux 10.2/X86_64: 0f3eeec0e097087dd4b15dc89ccea21f x86_64/10.2/RPMS/cdrdao-1.1.9-7.1.102mdk.x86_64.rpm c573c4ff16b3b0c9bf68467d5cfc347b x86_64/10.2/RPMS/cdrdao-gcdmaster-1.1.9-7.1.102mdk.x86_64.rpm cb1265c4a12964fa5fbf42a7fb2361df x86_64/10.2/SRPMS/cdrdao-1.1.9-7.1.102mdk.src.rpm Corporate 3.0: 406191468856946e82d195204855a05f corporate/3.0/RPMS/cdrdao-1.1.8-2.2.C30mdk.i586.rpm 768b911c0d220197ad43f351b91e1c9c corporate/3.0/RPMS/cdrdao-gcdmaster-1.1.8-2.2.C30mdk.i586.rpm 70d8a7e69f725875da71507ebc7c2447 corporate/3.0/SRPMS/cdrdao-1.1.8-2.2.C30mdk.src.rpm Corporate 3.0/X86_64: e97c0cd16db006ebc56e7b339c4eccc9 x86_64/corporate/3.0/RPMS/cdrdao-1.1.8-2.2.C30mdk.x86_64.rpm e1f6f75a51182be5155dc204abbbf188 x86_64/corporate/3.0/RPMS/cdrdao-gcdmaster-1.1.8-2.2.C30mdk.x86_64.rpm 70d8a7e69f725875da71507ebc7c2447 x86_64/corporate/3.0/SRPMS/cdrdao-1.1.8-2.2.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCjBUQmqjQ0CJFipgRAjzeAJ9cTiaucpnqaW4JIyQgqiDAGRNfZQCg29j5 pTU5kh/+QTwHzbHNURqbPpE= =X3bG -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/