CVE-2004-0806

cdrecord <2.01 - Privilege Escalation

Title source: llm

Description

cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Max Vozeler · bashlocallinux

https://www.exploit-db.com/exploits/469

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by I)ruid · bashlocallinux

https://www.exploit-db.com/exploits/438

View Code ZIP pw:eip

References (12)

[Exploit] http://seclists.org/lists/bugtraq/2004/Sep/0097.html

[Vendor Advisory] http://secunia.com/advisories/12481/

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1011091

[Exploit] http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-09/0108.html

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/700326

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2004:091

[Exploit, Patch] http://www.securityfocus.org/bid/11075

[Issue Tracking] https://bugzilla.fedora.us/show_bug.cgi?id=2058

[Vendor Advisory] ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17303

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9805

[Third Party Advisory] http://secunia.com/advisories/19532

Scores

EPSS 0.0097

EPSS Percentile 76.7%

Details

Status published

Products (2)

cdrtools/cdrecord 1.11

cdrtools/cdrecord 2.0

Published Dec 31, 2004

Tracked Since Feb 18, 2026