CVE-2004-0806 - cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop pri

CVE-2004-0806

Summary

cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.

References

Vulnerable Configurations

cpe:2.3:a:cdrtools:cdrecord:1.11:*:*:*:*:*:*:*
cpe:2.3:a:cdrtools:cdrecord:1.11:*:*:*:*:*:*:*
cpe:2.3:a:cdrtools:cdrecord:2.0:*:*:*:*:*:*:*
cpe:2.3:a:cdrtools:cdrecord:2.0:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

oval via4

accepted

2013-04-29T04:22:23.934-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651

description

family

unix

oval:org.mitre.oval:def:9805

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

refmap via4

bid	11075
bugtraq	20040909 Bugtraq: cdrecord local root exploit 20040910 CAU-EX-2004-0002: cdrecord-suidshell.sh
cert-vn	VU#700326
fedora	FLSA:2058
mandrake	MDKSA-2004:091
sectrack	1011091
secunia	12481 19532
sgi	20060401-01-U
xf	cdrecord-rsh-gain-privileges(17303)

statements via4

contributor	Mark J Cox
lastmodified	2006-08-30
organization	Red Hat
statement	Not vulnerable. cdrecord is not shipped setuid and does not need to be made setuid with Red Hat Enterprise Linux 2.1, 3, or 4 packages.

Last major update

11-10-2017 - 01:29

Published

31-12-2004 - 05:00

Last modified

11-10-2017 - 01:29