CVE-2003-0289

cdrecord <2.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2003-0289. PoCs published by anonymous, CMN.

AI-analyzed exploit summary This exploit leverages a format string vulnerability in Cdrecord versions 2.0 and earlier to achieve local privilege escalation by overwriting the .dtors or GOT exit address with shellcode.

Description

Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by anonymous · perllocallinux

https://www.exploit-db.com/exploits/31

View Code ZIP pw:eip

This exploit leverages a format string vulnerability in Cdrecord versions 2.0 and earlier to achieve local privilege escalation by overwriting the .dtors or GOT exit address with shellcode.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Cdrecord 2.0 and earlier

No auth needed

Prerequisites: Local access to the system · Cdrecord binary must be setuid root

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by CMN · clocallinux

https://www.exploit-db.com/exploits/22594

View Code ZIP pw:eip

This exploit leverages a format string vulnerability in CDRecord (cdrtools 2.0) to achieve arbitrary code execution. It crafts a malicious 'dev' argument to overwrite memory addresses and execute shellcode, targeting setuid-root binaries like cdrecord, readcd, and cdda2wav.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: cdrtools 2.0 (cdrecord, readcd, cdda2wav)

No auth needed

Prerequisites: Target system with vulnerable cdrtools 2.0 installed · Binary must be setuid-root

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8

Core References

Various Sources vendor-advisory x_refsource_gentoo

http://forums.gentoo.org/viewtopic.php?t=54904

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/7565

Various Sources x_refsource_confirm

ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz

Various Sources x_refsource_misc

http://www.securiteam.com/exploits/5ZP0C2AAAC.html

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=105285564307225&w=2

Vendor Advisory vendor-advisory x_refsource_mandrake

http://www.mandriva.com/security/advisories?name=MDKSA-2003:058

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=105286031812533&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/12007

Scores

EPSS 0.0106

EPSS Percentile 60.1%

Details

Status published

Products (2)

cdrtools/cdrecord 1.11

cdrtools/cdrecord 2.0

Published Jun 16, 2003

Tracked Since Feb 18, 2026