CVE-2003-0655 - rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root pri

CVE-2003-0655

Summary

rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root privileges by specifying the target file as a command line argument, which is modified while rscsi is running with privileges.

References

http://marc.info/?l=bugtraq&m=105978381618095&w=2
http://www.secnetops.com/research/advisories/SRT2003-08-01-0126.txt

Vulnerable Configurations

cpe:2.3:a:cdrtools:cdrtools:2.0:*:*:*:*:*:*:*
cpe:2.3:a:cdrtools:cdrtools:2.0:*:*:*:*:*:*:*
cpe:2.3:a:cdrtools:cdrtools:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:cdrtools:cdrtools:2.0.3:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 18-10-2016 - 02:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bugtraq	20030801 SRT2003-08-01-0126 - cdrtools local root exploit
misc	http://www.secnetops.com/research/advisories/SRT2003-08-01-0126.txt

Last major update

18-10-2016 - 02:36

Published

27-08-2003 - 04:00

Last modified

18-10-2016 - 02:36