BID:12891

CDRTools CDRecord Local Insecure File Creation Vulnerability

Info

CDRTools CDRecord Local Insecure File Creation Vulnerability

Bugtraq ID:	12891
Class:	Design Error
CVE:	CVE-2005-0866
Remote:	No
Local:	Yes
Published:	Mar 24 2005 12:00AM
Updated:	Jul 12 2009 11:56AM
Credit:	Javier Fernandez-Sanguino Pena is credited with the discovery of this issue.
Vulnerable:	CDRTools CDRTools 2.0.1 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + Mandriva Linux Mandrake 10.2 x86_64 + Mandriva Linux Mandrake 10.2 + Mandriva Linux Mandrake 10.1 x86_64 + Mandriva Linux Mandrake 10.1 + Mandriva Linux Mandrake 10.0 AMD64 + Mandriva Linux Mandrake 10.0 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 CDRTools CDRTools 2.0 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 CDRTools CDRecord 1.11 + MandrakeSoft Corporate Server 2.1 + Mandriva Linux Mandrake 9.0 + Mandriva Linux Mandrake 8.2 ppc + Mandriva Linux Mandrake 8.2

Not Vulnerable:

Discussion

CDRTools CDRecord Local Insecure File Creation Vulnerability

A local insecure file creation vulnerability affects cdrtools cdrecord. This issue is due to a failure of the application to securely create and write to various files.

An attacker may leverage this issue to corrupt arbitrary files with the privileges of an unsuspecting user that activates the application.

Exploit / POC

CDRTools CDRecord Local Insecure File Creation Vulnerability

No exploit is required to leverage this issue.

Solution / Fix

CDRTools CDRecord Local Insecure File Creation Vulnerability

Solution:
Ubuntu linux has released an advisory (USN-100-1) along with fixes dealing with this issue. Please see the reference section for more information.

Mandriva has released advisory MDKSA-2005:077 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

CDRTools CDRecord 1.11

Mandriva cdrecord-1.11-0.a32.1.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-1.11-0.a32.1.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-cdda2wav-1.11-0.a32.1.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-cdda2wav-1.11-0.a32.1.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-devel-1.11-0.a32.1.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-devel-1.11-0.a32.1.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-dvdhack-1.11-0.a32.1.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-dvdhack-1.11-0.a32.1.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva mkisofs-1.15-0.a32.1.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva mkisofs-1.15-0.a32.1.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www1.mandrivalinux.com/en/ftp.php3

CDRTools CDRTools 2.0

Ubuntu cdda2wav_2.0+a30.pre1-1ubuntu2.2_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2. 0+a30.pre1-1ubuntu2.2_amd64.deb

Ubuntu cdda2wav_2.0+a30.pre1-1ubuntu2.2_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2. 0+a30.pre1-1ubuntu2.2_i386.deb

Ubuntu cdda2wav_2.0+a30.pre1-1ubuntu2.2_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2. 0+a30.pre1-1ubuntu2.2_powerpc.deb

Ubuntu cdrecord_2.0+a30.pre1-1ubuntu2.2_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a3 0.pre1-1ubuntu2.2_amd64.deb

Ubuntu cdrecord_2.0+a30.pre1-1ubuntu2.2_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a3 0.pre1-1ubuntu2.2_i386.deb

Ubuntu cdrecord_2.0+a30.pre1-1ubuntu2.2_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a3 0.pre1-1ubuntu2.2_powerpc.deb

Ubuntu cdrtools-doc_2.0+a30.pre1-1ubuntu2.2_all.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrtools-doc_2. 0+a30.pre1-1ubuntu2.2_all.deb

Ubuntu mkisofs_2.0+a30.pre1-1ubuntu2.2_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30 .pre1-1ubuntu2.2_amd64.deb

Ubuntu mkisofs_2.0+a30.pre1-1ubuntu2.2_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30 .pre1-1ubuntu2.2_i386.deb

Ubuntu mkisofs_2.0+a30.pre1-1ubuntu2.2_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30 .pre1-1ubuntu2.2_powerpc.deb

CDRTools CDRTools 2.0.1

Mandriva cdrecord-2.01-0.a28.3.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-2.01-0.a28.3.100mdk.i586.rpm
Mandrake Linux 10.0
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-2.01-0.a28.3.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-2.01-0.a28.3.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-2.01-1.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-2.01-1.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-2.01.01-0.a01.6.1.102mdk.i586.rpm
Mandrake Linux 10.2
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-2.01.01-0.a01.6.1.102mdk.x86_64.rpm
Mandrake Linux 10.2/x86_64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-cdda2wav-2.01-0.a28.3.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-cdda2wav-2.01-0.a28.3.100mdk.i586.rpm
Mandrake Linux 10.0
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-cdda2wav-2.01-0.a28.3.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-cdda2wav-2.01-0.a28.3.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-cdda2wav-2.01-1.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-cdda2wav-2.01-1.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-cdda2wav-2.01.01-0.a01.6.1.102mdk.i586.rpm
Mandrake Linux 10.2
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-cdda2wav-2.01.01-0.a01.6.1.102mdk.x86_64.rpm
Mandrake Linux 10.2/x86_64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-devel-2.01-0.a28.3.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-devel-2.01-0.a28.3.100mdk.i586.rpm
Mandrake Linux 10.0
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-devel-2.01-0.a28.3.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-devel-2.01-0.a28.3.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-devel-2.01-1.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-devel-2.01-1.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-devel-2.01.01-0.a01.6.1.102mdk.i586.rpm
Mandrake Linux 10.2
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-devel-2.01.01-0.a01.6.1.102mdk.x86_64.rpm
Mandrake Linux 10.2/x86_64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-isotools-2.01-1.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-isotools-2.01-1.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-isotools-2.01.01-0.a01.6.1.102mdk.i586.rpm
Mandrake Linux 10.2
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-isotools-2.01.01-0.a01.6.1.102mdk.x86_64.rpm
Mandrake Linux 10.2/x86_64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-vanilla-2.01-1.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-vanilla-2.01-1.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-vanilla-2.01.01-0.a01.6.1.102mdk.i586.rpm
Mandrake Linux 10.2
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-vanilla-2.01.01-0.a01.6.1.102mdk.x86_64.rpm
Mandrake Linux 10.2/x86_64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva mkisofs-2.01-0.a28.3.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva mkisofs-2.01-0.a28.3.100mdk.i586.rpm
Mandrake Linux 10.0
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva mkisofs-2.01-0.a28.3.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva mkisofs-2.01-0.a28.3.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva mkisofs-2.01-1.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva mkisofs-2.01-1.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva mkisofs-2.01.01-0.a01.6.1.102mdk.i586.rpm
Mandrake Linux 10.2
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva mkisofs-2.01.01-0.a01.6.1.102mdk.x86_64.rpm
Mandrake Linux 10.2/x86_64
http://www1.mandrivalinux.com/en/ftp.php3

References

CDRTools CDRecord Local Insecure File Creation Vulnerability

References:

CDRTools Homepage (CDRTools)