Vulnerability: Mandrake cdrecord

A vulnerability in cdrecord was discovered that can be used to obtain root access as Mandrake Linux ships with the cdrecord binary suid root and sgid cdwriter. Updated packages are available to fix this vulnerability.

Users can elect to remove the suid and sgid bits from cdrecord manually, which can be done by executing, as root:

chmod ug-s /usr/bin/cdrecord

This is not required to protect against this particular vulnerability, however.

For more details, click http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:058.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Mandrake

Show Comments