cdrtools cdrecord rscsi Arbitrary File Overwrite Privilege Escalation

2003-08-01T23:04:23
ID OSVDB:2359
Type osvdb
Reporter KF(dotslash@snosoft.com)
Modified 2003-08-01T23:04:23

Description

Vulnerability Description

cdrecord in cdrtools contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The problem is that the rscsi helper binary is installed setuid root. By specifying the target file as a command line argument, a malicious user could overwrite arbitrary files to gain root privileges resulting in a loss of integrity.

Solution Description

Upgrade to version 2.01a18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

cdrecord in cdrtools contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The problem is that the rscsi helper binary is installed setuid root. By specifying the target file as a command line argument, a malicious user could overwrite arbitrary files to gain root privileges resulting in a loss of integrity.

References:

Vendor URL: http://www.fokus.gmd.de/research/cc/glone/employees/joerg.schilling/private/cdrecord.html Security Tracker: 1007368 Secunia Advisory ID:9428 Other Advisory URL: http://marc.theaimsgroup.com/?l=bugtraq&m=105978381618095&w=2 ISS X-Force ID: 12802 CVE-2003-0655 Bugtraq ID: 8328