F-Secure
Tools
CDRW-Taper "amlabel-cdrw" Insecure Temporary Files
| Report ID: | SA32627 |
| Source: | Secunia |
| Date of Discovery: | 07.11.2008 |
| Criticality: | Low |
| Affects: | CDRW-Taper 0.x |
| Compromise From: | Local system |
| Compromise Type: | Privilege escalation |
Summary
A security issue has been reported in CDRW-Taper, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Detailed Description
A security issue has been reported in CDRW-Taper, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
The security issue is caused due to the "amlabel-cdrw" script using temporary files in an insecure manner. This can be exploited to e.g. overwrite or delete arbitrary files via symlink attacks.
The security issue is reported in version 0.4. Other versions may also be affected.
The security issue is caused due to the "amlabel-cdrw" script using temporary files in an insecure manner. This can be exploited to e.g. overwrite or delete arbitrary files via symlink attacks.
The security issue is reported in version 0.4. Other versions may also be affected.
Solution
Restrict local access to trusted users only.
CVE Reference
CVE-2008-4945