
Test ID: 1.3.6.1.4.1.25623.1.0.50354
Category: Fedora Local Security Checks
Title: Fedora Core 1 FEDORA-2004-297 (cdrtools)
Summary: NOSUMMARY
Description:

The remote host is missing an update to cdrtools
announced via advisory FEDORA-2004-297.

cdrtools is a collection of CD/DVD utilities.

Update Information:

Anyone who has manually suid /usr/bin/cdrecord should update to this version.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0806

* Wed Sep 08 2004 Harald Hoyer - 8:2.01-0.a19.2.FC1.1

- added patch for CVE-2004-0806, if s.o. is so stupid to make cdrecord suid

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

Solution: Apply the appropriate updates.
http://www.fedoranews.org/updates/FEDORA-2004-297.shtml

Risk factor : High

CVSS Score: 7.2

Cross-Ref: BugTraq ID: 11075
Common Vulnerability Exposure (CVE) ID: CVE-2004-0806
http://www.securityfocus.org/bid/11075
Bugtraq: 20040909 Bugtraq: cdrecord local root exploit
http://seclists.org/lists/bugtraq/2004/Sep/0097.html
Bugtraq: 20040910 CAU-EX-2004-0002: cdrecord-suidshell.sh
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-09/0108.html
CERT/CC vulnerability note: VU#700326
http://www.kb.cert.org/vuls/id/700326
https://bugzilla.fedora.us/show_bug.cgi?id=2058
http://www.mandriva.com/security/advisories?name=MDKSA-2004:091
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9805
http://securitytracker.com/id?1011091
http://secunia.com/advisories/12481/
http://secunia.com/advisories/19532
SGI Security Advisory: 20060401-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
XForce ISS Database: cdrecord-rsh-gain-privileges(17303)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17303
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
