Mandrake Linux Security Advisory : cdrecord (MDKSA-2000:009)
High Nessus Plugin ID 61807
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionThe linux cdrecord binary is vulnerable to a locally exploitable buffer overflow attack. When installed on a Linux-Mandrake distribution, it is by default setgid 'cdburner' (which is a group, gid: 80, that is created for the application). The overflow condition is the result of no bounds checking on the 'dev=' argument passed to cdburner at execution time. This vulnerability can be exploited to execute arbitrary commands with the gid 'cdburner'.
SolutionUpdate the affected packages.