| Originally published: Tuesday, 30 May 2000 | Author: Derrick H. Lewis |
| Published to: news_enhance_security/Security News | Page: 1/1 [Standard view] |
Linux cdrecord Buffer Overflow VulnerabilityThe linux cdrecorder binary is vulnerable to a locally exploitable buffer overflow attack. When installed in a Mandrake 7.0 linux distribution, it is by default setgid "cdburner" (which is a group, gid: 80, that is created for the application). The overflow condition is the result of no bounds checking on the 'dev=' argument passed to cdburner at execution time.
|
|
(this article had no body text)