GLSA Bodhisattva
Joined: 25 Feb 2003 Posts: 3829 Location: Essen, Germany
Posted: Sun Jan 30, 2005 7:09 pm Post subject: [ GLSA 200501-42 ] VDR: Arbitrary file overwriting issue
Gentoo Linux Security Advisory
Title: VDR: Arbitrary file overwriting issue (GLSA 200501-42)
Severity: normal
Exploitable: local
Date: January 30, 2005
Bug(s): #78230
ID: 200501-42
Synopsis
VDR insecurely accesses files with elevated privileges, which may result in the overwriting of arbitrary files.
Background
Video Disk Recorder (VDR) is a Linux-based digital video recorder. The VDR program handles the On Screen Menu system that offers complete control over channel settings, timers and recordings.
Affected Packages
Package: media-video/vdr
Vulnerable: < 1.2.6-r1
Unaffected: >= 1.2.6-r1
Architectures: All supported architectures
Description
Javier Fernandez-Sanguino Pena from the Debian Security Audit Team discovered that VDR accesses user-controlled files insecurely.
Impact
A local attacker could create malicious links and invoke a VDR recording that would overwrite arbitrary files on the system.
Workaround
There is no known workaround at this time.
Resolution
All VDR users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/vdr-1.2.6-r1"
References
CAN-2005-0071
Last edited by GLSA on Sun May 11, 2008 4:16 am; edited 3 times in total
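The Impact section describes a privileged process writing through a link planted by a local user. The following is an added example of the general defence against that class of defect; it is not VDR's code or its fix, which the advisory does not detail, and it covers both symbolic and hard links. It assumes Linux; `safe_open_for_write` and `demo_links_refused` are hypothetical names.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` for writing from a privileged process
 * without writing through a link another local user planted there.
 * Returns an fd, or -1 with errno set. */
int safe_open_for_write(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW: open() fails with ELOOP if the LAST path component is a
     * symlink (parent directories are still followed). No O_TRUNC yet. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_NONBLOCK, 0600);
    if (fd < 0)
        return -1;
    /* Check the object actually opened (fstat on the fd, not stat on the
     * name): regular file, owned by us, exactly one name, so a hard link
     * to some other file is refused too. Truncate only after that. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1 || ftruncate(fd, 0) != 0) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario: a symlink and a hard link both point at "victim".
 * Returns 1 when both opens are refused and the victim keeps its contents. */
int demo_links_refused(void)
{
    char dir[] = "/tmp/glsa-demo-XXXXXX", v[64], s[64], h[64], buf[8] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(v, sizeof v, "%s/victim", dir);
    snprintf(s, sizeof s, "%s/sym", dir);
    snprintf(h, sizeof h, "%s/hard", dir);
    int fd = open(v, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4 || close(fd) != 0) return -1;
    if (symlink(v, s) != 0 || link(v, h) != 0) return -1;
    int refused = safe_open_for_write(s) == -1 && errno == ELOOP &&
                  safe_open_for_write(h) == -1 && errno == EPERM;
    fd = open(v, O_RDONLY);
    int intact = fd >= 0 && read(fd, buf, 4) == 4 && buf[0] == 'k' && buf[3] == 'p';
    close(fd); unlink(s); unlink(h); unlink(v); rmdir(dir);
    return refused && intact;
}
```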