CDRTools CDRecord Devname格式字符串漏洞

漏洞信息详情

CDRTools CDRecord Devname格式字符串漏洞

• CNNVD编号：CNNVD-200306-084
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2003-0289
  
• 漏洞类型：
  
  
  格式化字符串
  
• 发布时间：
  
  2003-06-16
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  cdrtools
• 漏洞来源：
  Discovery of this …

cdrtools 2.0版本中cdrecord程序的scsiopen.c存在格式字符串漏洞。本地用户借助dev参数的格式字符串说明符提升特权。

Mandrake has released a security advisory (MDKSA-2003:058-1), updating a previous advisory. Users are advised to upgrade as soon as possible. Further information regarding how to obtain and apply fixes can be found in the attached advisory.
The vendor has released an update to address this issue:
CDRTools CDRecord 2.0

• CDRTools cdrtools-2.01a14.tar.gz
  ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz

来源: BID
名称: 7565
链接:http://www.securityfocus.com/bid/7565

来源: BUGTRAQ
名称: 20030513 cdrtools2.0 Format String Vulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105285564307225&w=2

来源: BUGTRAQ
名称: 20030513 Cdrecord_local_root_exploit.
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105286031812533&w=2

来源: ftp.berlios.de
链接:ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz

来源: XF
名称: cdrtools-scsiopen-format-string(12007)
链接:http://xforce.iss.net/xforce/xfdb/12007

来源: www.securiteam.com
链接:http://www.securiteam.com/exploits/5ZP0C2AAAC.html

来源: MANDRAKE
名称: MDKSA-2003:058
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2003:058

来源: GENTOO
名称: 200305-06
链接:http://forums.gentoo.org/viewtopic.php?t=54904