VDR Daemon Unspecified Remote File Access Vulnerability
BID:12356
Info
VDR Daemon Unspecified Remote File Access Vulnerability
| Bugtraq ID: | 12356 |
| Class: | Access Validation Error |
| CVE: |
CVE-2005-0071 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 25 2005 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | Javier Fernández-Sanguino Peña is credited with the discovery of this issue. |
| Vulnerable: |
vdr daemon 1.0 |
| Not Vulnerable: | |
Discussion
VDR Daemon Unspecified Remote File Access Vulnerability
An unspecified remote file access vulnerability affects the vdr daemon. The underlying issue that causes this vulnerability is likely a failure to abide by file access restrictions, although this is unconfirmed.This BID will be updated as more details are released.
An attacker may leverage this issue to overwrite arbitrary files on an affected computer. This can lead to a superuser compromise of the affected computer, corruption of data, as well as other attacks.
An unspecified remote file access vulnerability affects the vdr daemon. The underlying issue that causes this vulnerability is likely a failure to abide by file access restrictions, although this is unconfirmed.This BID will be updated as more details are released.
An attacker may leverage this issue to overwrite arbitrary files on an affected computer. This can lead to a superuser compromise of the affected computer, corruption of data, as well as other attacks.
Exploit / POC
VDR Daemon Unspecified Remote File Access Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
VDR Daemon Unspecified Remote File Access Vulnerability
Solution:
Debian has released advisory DSA 656-1 along with fixes dealing with this issue. Please see the referenced advisory for more information.
Gentoo has released advisory GLSA 200501-42 to address this issue. Gentoo users may carry out the following commands to update their computers:
emerge --sync
emerge --ask --oneshot --verbose ">=media-video/vdr-1.2.6-r1"
Please see the referenced Gentoo advisory for more information.
vdr daemon 1.0
Solution:
Debian has released advisory DSA 656-1 along with fixes dealing with this issue. Please see the referenced advisory for more information.
Gentoo has released advisory GLSA 200501-42 to address this issue. Gentoo users may carry out the following commands to update their computers:
emerge --sync
emerge --ask --oneshot --verbose ">=media-video/vdr-1.2.6-r1"
Please see the referenced Gentoo advisory for more information.
vdr daemon 1.0
-
Debian vdr-daemon_1.0.0-1woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/v/vdr/vdr-daemon_1.0.0-1w oody2_i386.deb -
Debian vdr-kbd_1.0.0-1woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/v/vdr/vdr-kbd_1.0.0-1wood y2_i386.deb -
Debian vdr-lirc_1.0.0-1woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/v/vdr/vdr-lirc_1.0.0-1woo dy2_i386.deb -
Debian vdr-rcu_1.0.0-1woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/v/vdr/vdr-rcu_1.0.0-1wood y2_i386.deb -
Debian vdr_1.0.0-1woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/v/vdr/vdr_1.0.0-1woody2_i 386.deb
References
VDR Daemon Unspecified Remote File Access Vulnerability
References:
References: