Test ID:	1.3.6.1.4.1.25623.1.0.52899
Category:	Turbolinux Local Security Tests
Title:	Turbolinux TLSA-2004-26 (cdrtools)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to cdrtools announced via advisory TLSA-2004-26. cdrtools is a collection of CD/DVD utilities. cdrecord, which is set-uid root, fails to drop the effective UID (of root -- euid=0) when it exec()s a program specified by the user via the $RSH environment variable. Allows local users to gain root privileges. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2004-26 Risk factor : High CVSS Score: 7.2
Cross-Ref:	BugTraq ID: 11075 Common Vulnerability Exposure (CVE) ID: CVE-2004-0806 http://www.securityfocus.org/bid/11075 Bugtraq: 20040909 Bugtraq: cdrecord local root exploit (Google Search) http://seclists.org/lists/bugtraq/2004/Sep/0097.html Bugtraq: 20040910 CAU-EX-2004-0002: cdrecord-suidshell.sh (Google Search) http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-09/0108.html CERT/CC vulnerability note: VU#700326 http://www.kb.cert.org/vuls/id/700326 https://bugzilla.fedora.us/show_bug.cgi?id=2058 http://www.mandriva.com/security/advisories?name=MDKSA-2004:091 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9805 http://securitytracker.com/id?1011091 http://secunia.com/advisories/12481/ http://secunia.com/advisories/19532 SGI Security Advisory: 20060401-01-U ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U XForce ISS Database: cdrecord-rsh-gain-privileges(17303) https://exchange.xforce.ibmcloud.com/vulnerabilities/17303
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.