Linux cdrecord Buffer Overflow Vulnerability
BID:1265
Info
| Bugtraq ID: | 1265 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | May 29 2000 12:00AM |
| Updated: | May 29 2000 12:00AM |
| Credit: | First posted to Bugtraq by noir <[email protected]> on May 27, 2000. |
| Vulnerable: | Mandriva Linux Mandrake 7.0 |
| Not Vulnerable: | |
Discussion
The Linux cdrecorder binary is vulnerable to a locally exploitable buffer overflow. When installed on a Mandrake 7.0 Linux distribution, it is setgid "cdburner" by default (a group, gid 80, that is created for the application). The overflow results from the lack of bounds checking on the 'dev=' argument passed to cdburner at execution time. This vulnerability can be exploited to execute arbitrary commands with egid "cdburner". cdburner has been verified (by the writers of the exploit) to be exploitable on an Intel Linux system running Mandrake 7.0. Other distributions of Linux may be vulnerable to this problem as well.
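The missing bounds check on a 'dev=' argument, shown beside a checked version, as an added C example (not cdrecord's source and not part of the advisory). The function names, the DEV_MAX buffer size and the sample arguments are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEV_MAX 64   /* assumed buffer size, not taken from cdrecord */

/* Unsafe pattern: copies the dev= value with no length check.
 * Shown for contrast only; main() never calls it. */
int parse_dev_unchecked(const char *arg, char *out)
{
    if (strncmp(arg, "dev=", 4) != 0)
        return -1;
    strcpy(out, arg + 4);           /* writes past out[] if value >= DEV_MAX */
    return 0;
}

/* Checked form: rejects a value that does not fit instead of truncating.
 * Returns 0 on success, -1 if not a dev= argument, -2 if empty or too long. */
int parse_dev_checked(const char *arg, char *out, size_t outlen)
{
    size_t len;

    if (arg == NULL || out == NULL || outlen == 0)
        return -1;
    if (strncmp(arg, "dev=", 4) != 0)
        return -1;
    len = strlen(arg + 4);
    if (len == 0 || len >= outlen)  /* keep room for the terminating NUL */
        return -2;
    memcpy(out, arg + 4, len + 1);  /* len + 1 copies the NUL as well */
    return 0;
}

int main(void)
{
    char dev[DEV_MAX];
    char longarg[4 + 200 + 1] = "dev=";   /* constructed oversized input */

    memset(longarg + 4, 'A', 200);
    longarg[204] = '\0';

    printf("%d\n", parse_dev_checked("dev=0,1,0", dev, sizeof dev)); /* constructed sample */
    printf("%d\n", parse_dev_checked(longarg, dev, sizeof dev));
    return 0;
}
```

Because the binary runs setgid, the length check has to happen before any copy into a fixed-size buffer; rejecting the argument outright avoids silently opening a truncated device name.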
Exploit / POC
Exploit available:
Solution / Fix
Solution:
To upgrade automatically, use "MandrakeUpdate". If you want to upgrade manually, download the updated package from one of the FTP server mirrors and upgrade with "rpm -Uvh package_name". All mirrors are listed on http://www.mandrake.com/en/ftp.php3. Updated packages are available in the "updates/" directory.
For example, if you are looking for an updated RPM package for Mandrake 7.0, look for it in: updates/7.0/RPMS/
Mandriva Linux Mandrake 7.0
- MandrakeSoft 7.0 i386 cdrecord-1.8.1-4mdk.i586.rpm
  http://www.mandrake.com/en/ftp.php3
- MandrakeSoft 7.0 i386 cdrecord-cdda2wav-1.8.1-4mdk.i586.rpm
  http://www.mandrake.com/en/ftp.php3
- MandrakeSoft 7.0 i386 cdrecord-devel-1.8.1-4mdk.i586.rpm
  http://www.mandrake.com/en/ftp.php3
- MandrakeSoft 7.0 i386 mkisofs-1.12.1-4mdk.i586.rpm
  http://www.mandrake.com/en/ftp.php3
- MandrakeSoft 7.0 source cdrecord-1.8.1-4mdk.src.rpm
  http://www.mandrake.com/en/ftp.php3
References
References: