Ubuntu 4.10 : cdrtools vulnerability (USN-100-1)

Ubuntu Security Notice (C) 2005-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Javier Fern�ez-Sanguino Pe�oticed that cdrecord created temporary
files in an insecure manner if DEBUG was enabled in
/etc/cdrecord/rscsi. If the default value was used (which stored the
debug output file in /tmp), this could allow a symbolic link attack to
create or overwrite arbitrary files with the privileges of the user
invoking cdrecord.

Please note that DEBUG is not enabled by default in Ubuntu, so if you
did not explicitly enable it, this does not affect you.

Solution :

Update the affected packages.

Risk factor :

High

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 20486 ()

Bugtraq ID:

CVE ID: