Mandrake Linux Security Advisory : cdrecord (MDKSA-2005:077)
Low Nessus Plugin ID 18107
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionJavier Fernandez-Sanguino Pena discovered that cdrecord created temporary files in an insecure manner if DEBUG was enabled in /etc/cdrecord/rscsi. If the default value was used (which stored the debug output file in /tmp), a symbolic link attack could be used to create or overwrite arbitrary files with the privileges of the user invoking cdrecord. Please note that by default this configuration file does not exist in Mandriva Linux so unless you create it and enable DEBUG, this does not affect you.
The updated packages have been patched to correct these issues.
SolutionUpdate the affected packages.