Lucene search

[email protected]CVE-2003-0289

HistoryJun 16, 2003 - 4:00 a.m.

CVE-2003-0289

2003-06-1604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-0289

cdrecord

cdrtools

scsiopen.c

format string vulnerability

local users

gain privileges

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.

CPENameOperatorVersion
cdrtools:cdrecordcdrtools cdrecordeq1.11
cdrtools:cdrecordcdrtools cdrecordeq2.0

CPE	Name	Operator	Version
cdrtools:cdrecord	cdrtools cdrecord	eq	1.11
cdrtools:cdrecord	cdrtools cdrecord	eq	2.0

References

ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz

forums.gentoo.org/viewtopic.php?t=54904

marc.info/?l=bugtraq&m=105285564307225&w=2

marc.info/?l=bugtraq&m=105286031812533&w=2

www.mandriva.com/security/advisories?name=MDKSA-2003:058

www.securiteam.com/exploits/5ZP0C2AAAC.html

www.securityfocus.com/bid/7565

exchange.xforce.ibmcloud.com/vulnerabilities/12007

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2003-0289

nessus1