1. CVE-Search
  2. CVE-2003-0289
ID CVE-2003-0289
Summary Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:cdrtools:cdrecord:1.11:*:*:*:*:*:*:*
    cpe:2.3:a:cdrtools:cdrecord:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:cdrtools:cdrecord:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:cdrtools:cdrecord:2.0:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 11-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 7565
bugtraq
  • 20030513 Cdrecord_local_root_exploit.
  • 20030513 cdrtools2.0 Format String Vulnerability
confirm ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz
gentoo 200305-06
mandrake MDKSA-2003:058
misc http://www.securiteam.com/exploits/5ZP0C2AAAC.html
xf cdrtools-scsiopen-format-string(12007)
Last major update 11-07-2017 - 01:29
Published 16-06-2003 - 04:00
Last modified 11-07-2017 - 01:29
Back to Top