Info |
Last Modified | 8 months ago
Description |
ECLiPt eroaster (a GUI for the cdrecord and mkisofs utilities) creates temporary files in an insecure manner, which may allow malicious users to overwrite arbitrary files with the privileges of the user running eroaster.
Classification |
Unknown or Incomplete
Technical |
ECLiPt eroaster creates a lockfile in an insecure manner, which may allow an attacker to overwrite files with the permissions of the user running eroaster. This could allow system compromise or privilege escalation if eroaster is being run as a privileged user.
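The lockfile weakness described above, shown as an added example that is not eroaster's own code: a naive lockfile write beside an atomic exclusive create, both run against a symbolic link that already sits at the lock path. The lock path, file names and function names are hypothetical, and the sample files are constructed inside a private temporary directory.

```python
import os
import tempfile


def naive_lock(path):
    """Insecure pattern: open() follows a symlink at `path` and truncates its target."""
    with open(path, "w") as f:
        f.write(str(os.getpid()))


def safe_lock(path):
    """Create the lockfile atomically and refuse any pre-existing entry.

    With O_CREAT | O_EXCL the kernel does not follow a symlink at `path`;
    the call fails with EEXIST (FileExistsError) instead.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(str(os.getpid()))


def demo():
    """Return [(victim_intact, lock_refused)] for naive_lock, then safe_lock."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.txt")  # constructed stand-in for a user's file
        lock = os.path.join(d, "app.lock")      # hypothetical predictable lock path
        for lock_fn in (naive_lock, safe_lock):
            with open(victim, "w") as f:
                f.write("important data")
            os.symlink(victim, lock)            # entry already present at the lock path
            refused = False
            try:
                lock_fn(lock)
            except FileExistsError:
                refused = True
            with open(victim) as f:
                intact = f.read() == "important data"
            results.append((intact, refused))
            os.unlink(lock)                     # removes the link, not its target
    return results


if __name__ == "__main__":
    for name, (intact, refused) in zip(("naive_lock", "safe_lock"), demo()):
        print(f"{name}: victim intact={intact}, lock refused={refused}")
```

A lock directory that only the running user can write to removes the precondition entirely; the exclusive create covers the case where the lock has to live in a shared directory.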
Solution |
Upgrade to eroaster-2.1.0-r2 or higher.
On Mandrake, install the appropriate patch:
  9.0/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm
  9.0/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm
  9.1/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm
  9.1/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm
  corporate/2.1/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm
  corporate/2.1/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm
On Debian, upgrade to 2.1.0.0.3-2woody1 or 2.2.0-0.5-1 (sid).
Products |
Linux | 3.0
eroaster | 2.0.0, 2.1.0, 2.2.0
Linux | 9.0, 9.1
Corporate Server | 2.1
Credit |
Unknown or Incomplete