
CVE ID: CVE-2004-0806
Description: cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.
Test IDs: 1.3.6.1.4.1.25623.1.0.50404, 1.3.6.1.4.1.25623.1.0.52899, 1.3.6.1.4.1.25623.1.0.54674, 1.3.6.1.4.1.25623.1.0.50572, 1.3.6.1.4.1.25623.1.0.51717, 1.3.6.1.4.1.25623.1.0.50354
Cross References:
Common Vulnerability Exposure (CVE) ID: CVE-2004-0806
BugTraq ID: 11075
http://www.securityfocus.org/bid/11075
Bugtraq: 20040909 Bugtraq: cdrecord local root exploit (Google Search)
http://seclists.org/lists/bugtraq/2004/Sep/0097.html
Bugtraq: 20040910 CAU-EX-2004-0002: cdrecord-suidshell.sh (Google Search)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-09/0108.html
CERT/CC vulnerability note: VU#700326
http://www.kb.cert.org/vuls/id/700326
https://bugzilla.fedora.us/show_bug.cgi?id=2058
http://www.mandriva.com/security/advisories?name=MDKSA-2004:091
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9805
http://securitytracker.com/id?1011091
http://secunia.com/advisories/12481/
http://secunia.com/advisories/19532
SGI Security Advisory: 20060401-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
XForce ISS Database: cdrecord-rsh-gain-privileges(17303)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17303




© 1998-2024 E-Soft Inc. All rights reserved.