Posted: Sun Jan 30, 2005 7:09 pm Post subject: [ GLSA 200501-42 ] VDR: Arbitrary file overwriting issue
Gentoo Linux Security Advisory
Title: VDR: Arbitrary file overwriting issue (GLSA 200501-42)
Date: January 30, 2005
VDR insecurely accesses files with elevated privileges, which may result in the overwriting of arbitrary files.
Video Disk Recorder (VDR) is a Linux-based digital video recorder. The VDR program handles the On Screen Menu system that offers complete control over channel settings, timers and recordings.
Vulnerable: < 1.2.6-r1
Unaffected: >= 1.2.6-r1
Architectures: All supported architectures
Javier Fernandez-Sanguino Pena from the Debian Security Audit Team discovered that VDR accesses user-controlled files insecurely.
A local attacker could create malicious links and invoke a VDR recording that would overwrite arbitrary files on the system.
There is no known workaround at this time.
All VDR users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/vdr-1.2.6-r1"
Last edited by GLSA on Sun May 11, 2008 4:16 am; edited 3 times in total
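The class of flaw the advisory describes, as an added C example (not VDR's code and not part of the advisory): a privileged writer that follows a planted link, beside an open routine that refuses it. The advisory does not name the file or call involved, so the function names, the temp-directory path and the "victim" file are assumptions constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added illustration, not VDR source. Unsafe pattern: open() follows a
 * symlink planted at `path`, so a privileged writer truncates its target. */
int open_output_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened pattern: O_NOFOLLOW makes open() fail (ELOOP) when the final
 * path component is a symlink; fstat() on the descriptor then rejects
 * non-regular files and extra hard links before anything is truncated. */
int open_output_safe(const char *path) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    if (ftruncate(fd, 0) != 0) { close(fd); return -1; }
    return fd;
}

/* Constructed scenario in a private temp directory: "victim" is a file the
 * writer must not touch, "out" is a link planted at the output path. */
long victim_size_after(int use_safe) {
    char dir[] = "/tmp/symdemoXXXXXX", victim[64], out[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(out, sizeof out, "%s/out", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("important", f);   /* 9 bytes of content */
    fclose(f);
    if (symlink(victim, out) != 0) return -1;
    int fd = use_safe ? open_output_safe(out) : open_output_unsafe(out);
    if (fd >= 0) close(fd);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(out); unlink(victim); rmdir(dir);
    return size;
}
```

O_NOFOLLOW only guards the final path component; a writer that also cannot trust the parent directories needs to open them one by one with openat() or drop privileges before touching user-controlled paths.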