Originally Published: Saturday, 2 October 1999 Author: Quentin Cregan
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

Local exploit exists in cdda2cdr

There is a buffer overflow vulnerability in cdda2cdr distributed with (at least) package cdwtools-0.93-78. This program is sgid disk by default and thus any malicious user who gains disk privs will have r/w access to your entire hard drive(s) in the form of /dev/hd*. This is obviously a quick root compromise. Fixed packages will be available soon from various vendors (probably by the time you read this). Note that this particular overflow does not affect cdda2wav. [from BugTraq]