ID OSVDB:2143 Type osvdb Reporter OSVDB Modified 2003-08-20T03:26:13
Description
Vulnerability Description
ECLiPt eroaster (a GUI for the cdrecord and mkisofs utilities), creates temporary files in an insecure manner which may allow malicious users to over-write arbitrary files with the privileges of the user running eroaster.
Technical Description
ECLiPt eroaster creates a lockfile in an insecure manner which may allow an attacker to over-write files with the permission of the user running eroaster. This could allow system compromise or privilege escalation if eroaster is being run as a priviliged user.
Solution Description
Upgrade to eroaster-2.1.0-r2 or higher.
On Mandrake, install the appropriate patch:
9.0/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm
9.0/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm
9.1/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm
9.1/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm
corporate/2.1/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm
corporate/2.1/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm
On Debian, upgrade to 2.1.0.0.3-2woody1 or 2.2.0-0.5-1 (sid).
Short Description
ECLiPt eroaster (a GUI for the cdrecord and mkisofs utilities), creates temporary files in an insecure manner which may allow malicious users to over-write arbitrary files with the privileges of the user running eroaster.
{"type": "osvdb", "published": "2003-08-20T03:26:13", "href": "https://vulners.com/osvdb/OSVDB:2143", "hashmap": [{"key": "affectedSoftware", "hash": "1eff5e1ca6ff850b9639234d0903d100"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "77e9299b4ec62641190ee51f4c5a9e6c"}, {"key": "cvss", "hash": "ed2d4671248fcbbd20d1024a19762693"}, {"key": "description", "hash": "6a300ce36e485c6fc6e96e8d36bf67e3"}, {"key": "href", "hash": "e1d18eb30487aa5d10045d3694364f8c"}, {"key": "modified", "hash": "6d5357c5924c25c0649fff954f0cd3b9"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "6d5357c5924c25c0649fff954f0cd3b9"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "8d53eb958aa0eb959100cc2ad443c432"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/", "score": 2.1}, "viewCount": 0, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "OSVDB", "title": "ECLiPt eroaster Insecure Lockfile Creation", "affectedSoftware": [{"operator": "eq", "version": "3.0", "name": "Linux"}, {"operator": "eq", "version": "9.0", "name": "Linux"}, {"operator": "eq", "version": "2.1.0", "name": "eroaster"}, {"operator": "eq", "version": "2.0.0", "name": "eroaster"}, {"operator": "eq", "version": "9.1", "name": "Linux"}, {"operator": "eq", "version": "2.2.0", "name": "eroaster"}, {"operator": "eq", "version": "2.1", "name": "Corporate Server"}], "enchantments": {"vulnersScore": 7.5}, "references": [], "id": "OSVDB:2143", "hash": "f3288c9a2740dd4f28dbc7b8f440ea308a308d697131c22260175bfa80436409", "lastseen": "2017-04-28T13:19:56", "cvelist": ["CVE-2003-0656"], "modified": "2003-08-20T03:26:13", "description": "## Vulnerability Description\nECLiPt eroaster (a GUI for the cdrecord and mkisofs utilities), creates temporary files in an insecure manner which may allow malicious users to over-write arbitrary files with the privileges of the user running eroaster.\n## Technical Description\nECLiPt eroaster creates a lockfile in an insecure manner which may allow an attacker to over-write files with the permission of the user running eroaster. This could allow system compromise or privilege escalation if eroaster is being run as a priviliged user.\n## Solution Description\nUpgrade to eroaster-2.1.0-r2 or higher.\n\nOn Mandrake, install the appropriate patch:\n9.0/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm\n9.0/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm\n9.1/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm\n9.1/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm\ncorporate/2.1/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm\ncorporate/2.1/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm\n\nOn Debian, upgrade to 2.1.0.0.3-2woody1 or 2.2.0-0.5-1 (sid).\n\n## Short Description\nECLiPt eroaster (a GUI for the cdrecord and mkisofs utilities), creates temporary files in an insecure manner which may allow malicious users to over-write arbitrary files with the privileges of the user running eroaster.\n## References:\nVendor Specific Solution URL: http://www.debian.org/security/2003/dsa-366\n[Vendor Specific Advisory URL](http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:083)\n[Secunia Advisory ID:9568](https://secuniaresearch.flexerasoftware.com/advisories/9568/)\n[Secunia Advisory ID:9655](https://secuniaresearch.flexerasoftware.com/advisories/9655/)\n[Secunia Advisory ID:9455](https://secuniaresearch.flexerasoftware.com/advisories/9455/)\nISS X-Force ID: 12829\n[CVE-2003-0656](https://vulners.com/cve/CVE-2003-0656)\nBugtraq ID: 8350\n"}
{"result": {"cve": [{"id": "CVE-2003-0656", "type": "cve", "title": "CVE-2003-0656", "description": "eroaster before 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile.", "published": "2003-08-27T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0656", "cvelist": ["CVE-2003-0656"], "lastseen": "2017-04-18T15:50:02"}], "nessus": [{"id": "MANDRAKE_MDKSA-2003-083.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : eroaster (MDKSA-2003:083)", "description": "A vulnerability was discovered in eroaster where it does not take any security precautions when creating a temporary file for the lockfile.\nThis vulnerability could be exploited to overwrite arbitrary files with the privileges of the user running eroaster.", "published": "2004-07-31T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14065", "cvelist": ["CVE-2003-0656"], "lastseen": "2017-10-29T13:45:12"}, {"id": "DEBIAN_DSA-366.NASL", "type": "nessus", "title": "Debian DSA-366-1 : eroaster - insecure temporary file", "description": "eroaster, a frontend for burning CD-R media using cdrecord, does not take appropriate security precautions when creating a temporary file for use as a lockfile. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running eroaster.", "published": "2004-09-29T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=15203", "cvelist": ["CVE-2003-0656"], "lastseen": "2018-07-12T17:55:40"}], "debian": [{"id": "DSA-366", "type": "debian", "title": "eroaster -- insecure temporary file", "description": "eroaster, a frontend for burning CD-R media using cdrecord, does not take appropriate security precautions when creating a temporary file for use as a lockfile. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running eroaster.\n\nFor the stable distribution (woody) this problem has been fixed in version 2.1.0.0.3-2woody1.\n\nFor the unstable distribution (sid) this problem has been fixed in version 2.2.0-0.5-1.\n\nWe recommend that you update your eroaster package.", "published": "2003-08-05T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://www.debian.org/security/dsa-366", "cvelist": ["CVE-2003-0656"], "lastseen": "2016-09-02T18:33:57"}], "openvas": [{"id": "OPENVAS:53654", "type": "openvas", "title": "Debian Security Advisory DSA 366-1 (eroaster)", "description": "The remote host is missing an update to eroaster\nannounced via advisory DSA 366-1.", "published": "2008-01-17T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53654", "cvelist": ["CVE-2003-0656"], "lastseen": "2017-07-24T12:50:19"}]}}
