9 matches found
EUVD-2004-0804
Malware in sbrugna...
CVE-2005-0866
cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files...
CVE-2005-0866
cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files...
CVE-2004-0806
cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges...
CDRecord's ReadCD - Local Privilege Escalation
!/bin/bash echo "readcd-exp.sh -- ReadCD local exploit Test on cdrecord-2.01-0.a27.2mdk" echo "Author : newbug at chroot.org" echo "Date :09.13.2004" echo "IRC : irc.chroot.org discuss" export READCD=/usr/bin/readcd cd /tmp cat s.c include include int main setuid0;setgid0; chown"/tmp/ss", 0, 0;...
Mandrake Linux Security Advisory : cdrecord (MDKSA-2004:091)
Max Vozeler found that the cdrecord program, which is suid root, fails to drop euid=0 when it execs a program specified by the user through the $RSH environment variable. This can be abused by a local attacker to obtain root privileges. The updated packages are patched to fix the vulnerability...
[Full-Disclosure] MDKSA-2004:091 - Updated cdrecord packages fix local root vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandrakelinux Security Update Advisory Package name: cdrecord Advisory ID: MDKSA-2004:091 Date: September 7th, 2004 Affected versions: 10.0, 9.2 Problem Description: Max Vozeler found that the cdrecord program, which is suid root, fails to drop euid=0...
Mandrake Linux Security Advisory : cdrecord (MDKSA-2003:058-1)
A vulnerability in cdrecord was discovered that can be used to obtain root access because Mandrake Linux ships with the cdrecord binary suid root and sgid cdwriter. Updated packages are provided that fix this vulnerability. You may also elect to remove the suid and sgid bits from cdrecord manuall...
Cdrecord local root exploit.
Priv8security.com Hi, here it is local root exploit cdrecord format string bug Cdrecord come suid root by default on mandrake distro and it can be executed by anybody. wsxz@localhost wsxz$ ls -l /usr/bin/cdrecord -rwsr-sr-x 1 root cdwriter 278156 Jan 6 07:2 /usr/bin/cdrecord here goes the code or...