Mandrake Linux Security Advisory : cdrdao (MDKSA-2005:089)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.

Synopsis :

The remote Mandrake Linux host is missing one or more security

Description :

The cdrdao package contains two vulnerabilities; the first allows
local users to read arbitrary files via the show-data command and the
second allows local users to overwrite arbitrary files via a symlink
attack on the ~/.cdrdao configuration file. This can also lead to
elevated privileges (a root shell) due to cdrdao being installed suid

The provided packages have been patched to correct these issues.

Solution :

Update the affected cdrdao and / or cdrdao-gcdmaster packages.

Risk factor :

High / CVSS Base Score : 7.2

Family: Mandriva Local Security Checks

Nessus Plugin ID: 18305 (mandrake_MDKSA-2005-089.nasl)

Bugtraq ID:

CVE ID: CVE-2002-0137

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now