Lucene search

K
cve[email protected]CVE-2004-0806
HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-0806

2004-12-3105:00:00
web.nvd.nist.gov
25
cdrecord
cdrtools
cve-2004-0806
setuid
root
privilege
vulnerability
nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.1

Confidence

Low

EPSS

0

Percentile

5.3%

cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.

Affected configurations

NVD
Node
cdrtoolscdrecordMatch1.11
OR
cdrtoolscdrecordMatch2.0

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.1

Confidence

Low

EPSS

0

Percentile

5.3%