ID OSVDB:2143 Type osvdb Reporter OSVDB Modified 2003-08-20T03:26:13
Description
Vulnerability Description
ECLiPt eroaster (a GUI for the cdrecord and mkisofs utilities), creates temporary files in an insecure manner which may allow malicious users to over-write arbitrary files with the privileges of the user running eroaster.
Technical Description
ECLiPt eroaster creates a lockfile in an insecure manner which may allow an attacker to over-write files with the permission of the user running eroaster. This could allow system compromise or privilege escalation if eroaster is being run as a priviliged user.
Solution Description
Upgrade to eroaster-2.1.0-r2 or higher.
On Mandrake, install the appropriate patch:
9.0/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm
9.0/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm
9.1/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm
9.1/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm
corporate/2.1/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm
corporate/2.1/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm
On Debian, upgrade to 2.1.0.0.3-2woody1 or 2.2.0-0.5-1 (sid).
Short Description
ECLiPt eroaster (a GUI for the cdrecord and mkisofs utilities), creates temporary files in an insecure manner which may allow malicious users to over-write arbitrary files with the privileges of the user running eroaster.
{"type": "osvdb", "published": "2003-08-20T03:26:13", "href": "https://vulners.com/osvdb/OSVDB:2143", "hashmap": [{"key": "affectedSoftware", "hash": "1eff5e1ca6ff850b9639234d0903d100"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "77e9299b4ec62641190ee51f4c5a9e6c"}, {"key": "cvss", "hash": "ed2d4671248fcbbd20d1024a19762693"}, {"key": "description", "hash": "6a300ce36e485c6fc6e96e8d36bf67e3"}, {"key": "href", "hash": "e1d18eb30487aa5d10045d3694364f8c"}, {"key": "modified", "hash": "6d5357c5924c25c0649fff954f0cd3b9"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "6d5357c5924c25c0649fff954f0cd3b9"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "8d53eb958aa0eb959100cc2ad443c432"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/", "score": 2.1}, "viewCount": 0, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "OSVDB", "title": "ECLiPt eroaster Insecure Lockfile Creation", "affectedSoftware": [{"operator": "eq", "version": "3.0", "name": "Linux"}, {"operator": "eq", "version": "9.0", "name": "Linux"}, {"operator": "eq", "version": "2.1.0", "name": "eroaster"}, {"operator": "eq", "version": "2.0.0", "name": "eroaster"}, {"operator": "eq", "version": "9.1", "name": "Linux"}, {"operator": "eq", "version": "2.2.0", "name": "eroaster"}, {"operator": "eq", "version": "2.1", "name": "Corporate Server"}], "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}, "references": [], "id": "OSVDB:2143", "hash": "f3288c9a2740dd4f28dbc7b8f440ea308a308d697131c22260175bfa80436409", "lastseen": "2017-04-28T13:19:56", "cvelist": ["CVE-2003-0656"], "modified": "2003-08-20T03:26:13", "description": "## Vulnerability Description\nECLiPt eroaster (a GUI for the cdrecord and mkisofs utilities), creates temporary files in an insecure manner which may allow malicious users to over-write arbitrary files with the privileges of the user running eroaster.\n## Technical Description\nECLiPt eroaster creates a lockfile in an insecure manner which may allow an attacker to over-write files with the permission of the user running eroaster. This could allow system compromise or privilege escalation if eroaster is being run as a priviliged user.\n## Solution Description\nUpgrade to eroaster-2.1.0-r2 or higher.\n\nOn Mandrake, install the appropriate patch:\n9.0/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm\n9.0/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm\n9.1/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm\n9.1/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm\ncorporate/2.1/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm\ncorporate/2.1/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm\n\nOn Debian, upgrade to 2.1.0.0.3-2woody1 or 2.2.0-0.5-1 (sid).\n\n## Short Description\nECLiPt eroaster (a GUI for the cdrecord and mkisofs utilities), creates temporary files in an insecure manner which may allow malicious users to over-write arbitrary files with the privileges of the user running eroaster.\n## References:\nVendor Specific Solution URL: http://www.debian.org/security/2003/dsa-366\n[Vendor Specific Advisory URL](http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:083)\n[Secunia Advisory ID:9568](https://secuniaresearch.flexerasoftware.com/advisories/9568/)\n[Secunia Advisory ID:9655](https://secuniaresearch.flexerasoftware.com/advisories/9655/)\n[Secunia Advisory ID:9455](https://secuniaresearch.flexerasoftware.com/advisories/9455/)\nISS X-Force ID: 12829\n[CVE-2003-0656](https://vulners.com/cve/CVE-2003-0656)\nBugtraq ID: 8350\n"}
{"cve": [{"lastseen": "2017-04-18T15:50:02", "references": ["http://www.mandriva.com/security/advisories?name=MDKSA-2003:083", "http://marc.info/?l=bugtraq&m=106252649028401&w=2", "http://www.debian.org/security/2003/dsa-366"], "description": "eroaster before 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile.", "edition": 2, "reporter": "NVD", "published": "2003-08-27T00:00:00", "title": "CVE-2003-0656", "type": "cve", "enchantments": {"score": {"modified": "2017-04-18T15:50:02", "vector": "NONE", "value": 2.1}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2003-0656"], "scanner": [], "modified": "2016-10-17T22:36:24", "cpe": ["cpe:/a:eroaster:eroaster:2.2.0", "cpe:/a:eroaster:eroaster:2.0.0", "cpe:/a:eroaster:eroaster:2.1.0"], "id": "CVE-2003-0656", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0656", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:19", "references": [], "pluginID": "53654", "description": "The remote host is missing an update to eroaster\nannounced via advisory DSA 366-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Debian Security Advisory DSA 366-1 (eroaster)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0656"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53654", "id": "OPENVAS:53654", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_366_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 366-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"eroaster, a frontend for burning CD-R media using cdrecord, does not\ntake appropriate security precautions when creating a temporary file\nfor use as a lockfile. This bug could potentially be exploited to\noverwrite arbitrary files with the privileges of the user running\neroaster.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.1.0.0.3-2woody1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.2.0-0.5-1.\n\nWe recommend that you update your eroaster package.\";\ntag_summary = \"The remote host is missing an update to eroaster\nannounced via advisory DSA 366-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20366-1\";\n\nif(description)\n{\n script_id(53654);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(8350);\n script_cve_id(\"CVE-2003-0656\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 366-1 (eroaster)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"eroaster\", ver:\"2.1.0.0.3-2woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2016-09-02T18:33:57", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.1.0.0.3-2woody1", "packageFilename": "eroaster_2.1.0.0.3-2woody1.dsc", "packageName": "eroaster", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.1.0.0.3-2woody1.diff", "packageFilename": "eroaster_2.1.0.0.3-2woody1.diff.gz", "packageName": "eroaster", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.1.0.0.3-2woody1", "packageFilename": "eroaster_2.1.0.0.3-2woody1_all.deb", "packageName": "eroaster", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.1.0.0.3.orig", "packageFilename": "eroaster_2.1.0.0.3.orig.tar.gz", "packageName": "eroaster", "arch": "src", "operator": "lt"}], "edition": 1, "description": "eroaster, a frontend for burning CD-R media using cdrecord, does not take appropriate security precautions when creating a temporary file for use as a lockfile. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running eroaster.\n\nFor the stable distribution (woody) this problem has been fixed in version 2.1.0.0.3-2woody1.\n\nFor the unstable distribution (sid) this problem has been fixed in version 2.2.0-0.5-1.\n\nWe recommend that you update your eroaster package.", "reporter": "Debian", "published": "2003-08-05T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "eroaster -- insecure temporary file", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0656"], "modified": "2003-08-05T00:00:00", "href": "http://www.debian.org/security/dsa-366", "id": "DSA-366", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:08", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA 366-1 security@debian.org\r\nhttp://www.debian.org/security/ Matt Zimmerman\r\nAugust 5th, 2003 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : eroaster\r\nVulnerability : insecure temporary file\r\nProblem-Type : local\r\nDebian-specific: no\r\nCVE Id : CAN-2003-0656\r\n\r\neroaster, a frontend for burning CD-R media using cdrecord, does not\r\ntake appropriate security precautions when creating a temporary file\r\nfor use as a lockfile. This bug could potentially be exploited to\r\noverwrite arbitrary files with the privileges of the user running\r\neroaster.\r\n\r\nFor the stable distribution (woody) this problem has been fixed in\r\nversion 2.1.0.0.3-2woody1.\r\n\r\nFor the unstable distribution (sid) this problem has been fixed in\r\nversion 2.2.0-0.5-1.\r\n\r\nWe recommend that you update your eroaster package.\r\n\r\nUpgrade Instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\nDebian GNU/Linux 3.0 alias woody\r\n- --------------------------------\r\n\r\n Source archives:\r\n\r\n http://security.debian.org/pool/updates/main/e/eroaster/eroaster_2.1.0.0.3-2woody1.dsc\r\n Size/MD5 checksum: 641 384fd61393ef45c246489da03dec960c\r\n http://security.debian.org/pool/updates/main/e/eroaster/eroaster_2.1.0.0.3-2woody1.diff.gz\r\n Size/MD5 checksum: 2442 1356f13831c215a137f8639c3a656ee9\r\n http://security.debian.org/pool/updates/main/e/eroaster/eroaster_2.1.0.0.3.orig.tar.gz\r\n Size/MD5 checksum: 160884 1337d58a0c140ef62f2184699132ed40\r\n\r\n Architecture independent components:\r\n\r\n http://security.debian.org/pool/updates/main/e/eroaster/eroaster_2.1.0.0.3-2woody1_all.deb\r\n Size/MD5 checksum: 145184 757bdf67c5b40eb6309260d90f1006ab\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next revision.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.2 (GNU/Linux)\r\n\r\niD8DBQE/MHAQArxCt0PiXR4RAjoAAJ9BJxyq9q8g+esboAKNnhGllnmplQCeInhb\r\nID4Mx/AirS2x8vmL8AaVmu4=\r\n=yRMp\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2003-08-07T00:00:00", "title": "[SECURITY] [DSA-366-1] New eroaster packages fix insecure temporary file creation", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:08", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2003-0656"], "modified": "2003-08-07T00:00:00", "id": "SECURITYVULNS:DOC:4958", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:4958", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-02T00:08:29", "references": [], "pluginID": "14065", "description": "A vulnerability was discovered in eroaster where it does not take any security precautions when creating a temporary file for the lockfile.\nThis vulnerability could be exploited to overwrite arbitrary files with the privileges of the user running eroaster.", "edition": 5, "reporter": "Tenable", "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : eroaster (MDKSA-2003:083)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0656"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandrakesoft:mandrake_linux:9.1", "p-cpe:/a:mandriva:linux:eroaster", "cpe:/o:mandrakesoft:mandrake_linux:9.0"], "id": "MANDRAKE_MDKSA-2003-083.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14065", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:083. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14065);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2003-0656\");\n script_xref(name:\"MDKSA\", value:\"2003:083\");\n\n script_name(english:\"Mandrake Linux Security Advisory : eroaster (MDKSA-2003:083)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered in eroaster where it does not take any\nsecurity precautions when creating a temporary file for the lockfile.\nThis vulnerability could be exploited to overwrite arbitrary files\nwith the privileges of the user running eroaster.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected eroaster package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eroaster\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK9.0\", reference:\"eroaster-2.1.0-6.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.1\", reference:\"eroaster-2.1.0-6.1mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:50:40", "references": ["http://www.debian.org/security/2003/dsa-366"], "pluginID": "15203", "description": "eroaster, a frontend for burning CD-R media using cdrecord, does not take appropriate security precautions when creating a temporary file for use as a lockfile. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running eroaster.", "edition": 6, "reporter": "Tenable", "published": "2004-09-29T00:00:00", "title": "Debian DSA-366-1 : eroaster - insecure temporary file", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0656"], "modified": "2018-07-20T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:eroaster"], "id": "DEBIAN_DSA-366.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15203", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-366. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15203);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/07/20 2:17:10\");\n\n script_cve_id(\"CVE-2003-0656\");\n script_bugtraq_id(8350);\n script_xref(name:\"DSA\", value:\"366\");\n\n script_name(english:\"Debian DSA-366-1 : eroaster - insecure temporary file\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"eroaster, a frontend for burning CD-R media using cdrecord, does not\ntake appropriate security precautions when creating a temporary file\nfor use as a lockfile. This bug could potentially be exploited to\noverwrite arbitrary files with the privileges of the user running\neroaster.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2003/dsa-366\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the stable distribution (woody) this problem has been fixed in\nversion 2.1.0.0.3-2woody1.\n\nWe recommend that you update your eroaster package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:eroaster\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"eroaster\", reference:\"2.1.0.0.3-2woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
