Vulnerability: Mandrake cdrecord

A vulnerability in cdrecord was discovered that can be used to obtain root access as Mandrake Linux ships with the cdrecord binary suid root and sgid cdwriter. Updated packages are available to fix this vulnerability.

Users can elect to remove the suid and sgid bits from cdrecord manually, which can be done by executing, as root:

chmod ug-s /usr/bin/cdrecord

This is not required to protect against this particular vulnerability, however.

For more details, click http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:058.

Join the newsletter!

Or
Error: Please check your email address.

More about Mandrake

Show Comments