Lucene search

[email protected]CVE-2004-0806

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-0806

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cdrecord

cdrtools

cve-2004-0806

setuid

root

privilege

vulnerability

nvd

6.3 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.4%

JSON

cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.

CPENameOperatorVersion
cdrtools:cdrecordcdrtools cdrecordeq1.11
cdrtools:cdrecordcdrtools cdrecordeq2.0

CPE	Name	Operator	Version
cdrtools:cdrecord	cdrtools cdrecord	eq	1.11
cdrtools:cdrecord	cdrtools cdrecord	eq	2.0

References

ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U

seclists.org/lists/bugtraq/2004/Sep/0097.html

secunia.com/advisories/12481/

secunia.com/advisories/19532

securitytracker.com/id?1011091

www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-09/0108.html

www.kb.cert.org/vuls/id/700326

www.mandriva.com/security/advisories?name=MDKSA-2004:091

www.securityfocus.org/bid/11075

bugzilla.fedora.us/show_bug.cgi?id=2058

exchange.xforce.ibmcloud.com/vulnerabilities/17303

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9805

6.3 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.4%

JSON

Related for CVE-2004-0806

gentoo1 nessus4 openvas1 securityvulns1 ubuntucve1 cert1 oraclelinux1