CDRTools CDRecord Local Insecure File Creation Vulnerability

Vulnerability Details


Vulnerability Summary

In cdrecord versions before 4:2.0, when DEBUG is enabled, local users can overwrite arbitrary files via a symlink attack on temporary files.
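The bug class described above, as an added C example (not cdrecord's own code; the function names and the `debug.log` file name are hypothetical). It places a predictable debug file opened with `O_CREAT|O_TRUNC` beside an open that refuses a pre-existing symlink, and exercises both in a private `mkdtemp()` directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe: a predictable path opened with O_CREAT|O_TRUNC follows a symlink
 * planted by another local user and truncates whatever it points to. */
int open_debug_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened: O_EXCL makes open() fail with EEXIST if anything, symlink
 * included, already exists at the path; O_NOFOLLOW is defence in depth. */
int open_debug_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario: a 4-byte victim file plus a symlink to it at the debug
 * path. Returns the victim's size after `opener` runs, or -1 on setup error. */
long victim_size_after(int (*opener)(const char *))
{
    char dir[] = "/tmp/dbgdemoXXXXXX";
    char victim[64], dbg[64];
    struct stat st;
    long size = -1;
    int fd, dfd;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(dbg, sizeof dbg, "%s/debug.log", dir);   /* hypothetical name */
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "data", 4) == 4 && symlink(victim, dbg) == 0) {
        if ((dfd = opener(dbg)) >= 0) close(dfd);     /* the open under test */
        if (stat(victim, &st) == 0) size = (long)st.st_size;
    }
    if (fd >= 0) close(fd);
    unlink(dbg); unlink(victim); rmdir(dir);
    return size;
}

int main(void)
{
    printf("victim bytes left: unsafe=%ld safe=%ld\n",
           victim_size_after(open_debug_unsafe), victim_size_after(open_debug_safe));
    return 0;
}
```

For a debug file that does not need a fixed name, `mkstemp()` gives the same exclusive-create guarantee with an unpredictable path.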

Vulnerability Advisory

The vendor has released upgrade patches that fix this security issue. Patch download links:

CDRTools CDRecord 1.11

Mandriva cdrecord-1.11-0.a32.1.2.C21mdk.i586.rpm

Mandrake Corporate Server 2.1

http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-1.11-0.a32.1.2.C21mdk.x86_64.rpm

Mandrake Corporate Server 2.1/x86_64

http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-cdda2wav-1.11-0.a32.1.2.C21mdk.i586.rpm

Mandrake Corporate Server 2.1

http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-cdda2wav-1.11-0.a32.1.2.C21mdk.x86_64.rpm

Mandrake Corporate Server 2.1/x86_64

http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-devel-1.11-0.a32.1.2.C21mdk.i586.rpm

Mandrake Corporate Server 2.1

http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-devel-1.11-0.a32.1.2.C21mdk.x86_64.rpm

Mandrake Corporate Server 2.1/x86_64

http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-dvdhack-1.11-0.a32.1.2.C21mdk.i586.rpm

Mandrake Corporate Server 2.1

http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-dvdhack-1.11-0.a32.1.2.C21mdk.x86_64.rpm

Mandrake Corporate Server 2.1/x86_64

http://www1.mandrivalinux.com/en/ftp.php3

Mandriva mkisofs-1.15-0.a32.1.2.C21mdk.i586.rpm

Mandrake Corporate Server 2.1

http://www1.mandrivalinux.com/en/ftp.php3

Mandriva mkisofs-1.15-0.a32.1.2.C21mdk.x86_64.rpm

Mandrake Corporate Server 2.1/x86_64

http://www1.mandrivalinux.com/en/ftp.php3

CDRTools CDRTools 2.0

Ubuntu cdda2wav_2.0+a30.pre1-1ubuntu2.2_amd64.deb

Ubuntu 4.10 (Warty Warthog)

http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2.0+a30.pre1-1ubuntu2.2_amd64.deb

Ubuntu cdda2wav_2.0+a30.pre1-1ubuntu2.2_i386.deb

Ubuntu 4.10 (Warty Warthog)

http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2.0+a30.pre1-1ubuntu2.2_i386.deb

Ubuntu cdda2wav_2.0+a30.pre1-1ubuntu2.2_powerpc.deb

Ubuntu 4.10 (Warty Warthog)

http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2.0+a30.pre1-1ubuntu2.2_powerpc.deb

Ubuntu cdrecord_2.0+a30.pre1-1ubuntu2.2_amd64.deb

Ubuntu 4.10 (Warty Warthog)

http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a30.pre1-1ubuntu2.2_amd64.deb

Ubuntu cdrecord_2.0+a30.pre1-1ubuntu2.2_i386.deb

Ubuntu 4.10 (Warty Warthog)

http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a30.pre1-1ubuntu2.2_i386.deb

Ubuntu cdrecord_2.0+a30.pre1-1ubuntu2.2_powerpc.deb

Ubuntu 4.10 (Warty Warthog)

http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a30.pre1-1ubuntu2.2_powerpc.deb

Ubuntu cdrtools-doc_2.0+a30.pre1-1ubuntu2.2_all.deb

Ubuntu 4.10 (Warty Warthog)

http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrtools-doc_2.0+a30.pre1-1ubuntu2.2_all.deb

Ubuntu mkisofs_2.0+a30.pre1-1ubuntu2.2_amd64.deb

Ubuntu 4.10 (Warty Warthog)

http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30.pre1-1ubuntu2.2_amd64.deb

Ubuntu mkisofs_2.0+a30.pre1-1ubuntu2.2_i386.deb

Ubuntu 4.10 (Warty Warthog)

http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30.pre1-1ubuntu2.2_i386.deb

Ubuntu mkisofs_2.0+a30.pre1-1ubuntu2.2_powerpc.deb

Ubuntu 4.10 (Warty Warthog)

http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30.pre1-1ubuntu2.2_powerpc.deb

CDRTools CDRTools 2.0.1

Mandriva cdrecord-2.01-0.a28.3.100mdk.amd64.rpm

Mandrake Linux 10.0/AMD64

http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-2.01-0.a28.3.100mdk.i586.rpm

Mandrake Linux 10.0

http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-2.01-0.a28.3.C30mdk.i586.rpm

Mandrake Corporate Server 3.0

http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-2.01-0.a28.3.C30mdk.x86_64.rpm

Mandrake Corporate Server 3.0

http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-2.01-1.1.101mdk.i586.rpm

Mandrake Linux 10.1

http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-2.01-1.1.101mdk.x86_64.rpm

Mandrake Linux 10.1/x86_64

http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-2.01.01-0.a01.6.1.102mdk.i586.rpm

Mandrake Linux 10.2

http://www1.mandrivalinux.com/en/ftp.php3

Mandriva cdrecord-2.01.01-0.

References

Source: UBUNTU

Name: USN-100-1

Link: http://www.ubuntulinux.org/support/documentation/usn/usn-100-1

Source: bugs.debian.org

Link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291376

Affected Entities
