Vendor

Cdrtools

Products

CVEs

Across products

Status

Private

Products

CVE	Risk	CVSS	EPSS	Published	Description
CVE-2004-0806	0.03	—	0.01	Dec 31, 2004	cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.
CVE-2003-0655	0.03	—	0.00	Aug 27, 2003	rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root privileges by specifying the target file as a command line argument, which is modified while rscsi is running with privileges.
CVE-2003-0289	0.03	—	0.00	Jun 16, 2003	Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.
CVE-2005-0866	0.00	—	0.00	May 2, 2005	cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVE-2004-0806Dec 31, 2004
risk 0.03cvss —epss 0.01
cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.
CVE-2003-0655Aug 27, 2003
risk 0.03cvss —epss 0.00
rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root privileges by specifying the target file as a command line argument, which is modified while rscsi is running with privileges.
CVE-2003-0289Jun 16, 2003
risk 0.03cvss —epss 0.00
Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.
CVE-2005-0866May 2, 2005
risk 0.00cvss —epss 0.00
cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files.