EUVD-2003-0284

Malware in sbrugna...

EUVD-2003-0649

Malware in sbrugna...

SUSE CVE-2003-0289

Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter...

Ubuntu: Security Advisory (USN-100-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CDRTools 2.0 RSCSI Debug File Arbitrary Local File Manipulation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8328/info It has been reported that the rscsi utility may provide for the modification of ownership and the corruption of arbitrary attacker specified files. It has been reported that a local attacker may invoke the rscsi...

Gentoo Security Advisory GLSA 200409-18 (cdrtools)

The remote host is missing updates announced in advisory GLSA 200409-18. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 200409-18 (cdrtools)

The remote host is missing updates announced in advisory GLSA 200409-18. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Moderate: pam security and bug fix update

cdrtools-2.01.0.a32-0.EL3.6 2.01.0.a32-0.EL3.6 - fix for CVE-2004-0813 - cdrecord and readcd are now suid, but with a pamconsole check - Resolves: rhbz232096 2.01.0.a32-0.EL3.3 - fix for CAN-2005-0866 "cdrecord insecure temporary file" 2.01.0.a32-0.EL3.2 - added patch for CAN-2004-0806, if s.o. w...

FreeBSD : cdrtools-cjk (2513)

The following package needs to be updated: cdrtools-cjk %NASLMINLEVEL 70300 C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-2006 Jacques Vidrine and contributors Redistribution and use in source VuXML and 'compiled' forms SGML, HTML, PDF,...

Low: Red Hat Bug Fix Advisory: Updated cdrtools packages

Updated cdrtools packages that fix a possible exploit are now available for Red Hat Enterprise Linux 3. Cdrecord is an application for recording audio and data CDs. Cdrecord works with many different brands of CD recorders, fully supports multi-sessions, and provides human-readable error messages...

CVE-2004-0806

cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges...

CVE-2004-0806

cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges...

cdrecord fails to set proper permissions on programs specified in RSH environment variable

Overview Cdrecord can call external programs specified by the RSH environment variable. This may permit a malicious local user to gain elevated privileges. Description Cdrecord is an application used to create data or audio compact discs. Cdrecord permits the use of CD recorders on remote machine...

CVE-2004-0806

CVE-2004-0806 affects cdrecord in the cdrtools package prior to 2.01, where cdrecord, when installed setuid root, fails to drop privileges before invoking a program specified by the RSH environment variable, enabling a local user to gain privileges. The issue is addressed in cdrtools 2.01 (upstre...

cdrtools: Local root vulnerability in cdrecord if set SUID root

Background The cdrtools package is a set of tools for CD recording, including the popular cdrecord command-line utility. Description Max Vozeler discovered that the cdrecord utility, when set to SUID root, fails to drop root privileges before executing a user-supplied RSH program. By default,...

Fedora Core 2 : cdrtools-2.01-0.a27.4.FC2.3 (2004-298)

Anyone who has manually suid /usr/bin/cdrecord should update to this version. https://vulners.com/cve/CVE-2004-0806 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format ...

Fedora Core 1 : cdrtools-2.01-0.a19.2.FC1.1 (2004-297)

Anyone who has manually suid /usr/bin/cdrecord should update to this version. https://vulners.com/cve/CVE-2004-0806 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format ...

CVE-2003-0655

rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root privileges by specifying the target file as a command line argument, which is modified while rscsi is running with privileges...

CVE-2003-0655

The CVE-2003-0655 entry affects rscsi in cdrtools 2.01 and earlier. The root cause is that a local user can cause arbitrary files to be overwritten and obtain root privileges by supplying the target file as a command-line argument, which is altered while rscsi runs with privileges. The connected ...

SRT2003-08-01-0126.txt

Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...