VYPR
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Jun 16, 2026

CVE-2004-0806

CVE-2004-0806

Description

cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Cdrtools/Cdrecord2 versions
    cpe:2.3:a:cdrtools:cdrecord:1.11:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:cdrtools:cdrecord:1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:cdrtools:cdrecord:2.0:*:*:*:*:*:*:*
  • Range: <2.01

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.