26801 – app-cdr/eroaster

Bug 26801 - app-cdr/eroaster

Summary: app-cdr/eroaster

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	Highest critical (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2003-08-17 06:40 UTC by Daniel Ahlberg (RETIRED)
Modified:	2003-09-02 02:47 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Ahlberg (RETIRED) gentoo-dev

2003-08-17 06:40:54 UTC

-------------------------------------------------------------------------- 
Debian Security Advisory DSA 366-1                     security@debian.org 
http://www.debian.org/security/                             Matt Zimmerman 
August 5th, 2003                        http://www.debian.org/security/faq 
-------------------------------------------------------------------------- 
 
Package        : eroaster 
Vulnerability  : insecure temporary file 
Problem-Type   : local 
Debian-specific: no 
CVE Id         : CAN-2003-0656 
 
eroaster, a frontend for burning CD-R media using cdrecord, does not 
take appropriate security precautions when creating a temporary file 
for use as a lockfile.  This bug could potentially be exploited to 
overwrite arbitrary files with the privileges of the user running 
eroaster.

Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev

2003-09-02 02:47:33 UTC

glsa sent