CVE-2004-0806 - OpenCVE

cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cdrtools	Cdrecord

Configuration 1 [-]

OR	cpe:2.3:a:cdrtools:cdrecord:1.11:::::::*
	cpe:2.3:a:cdrtools:cdrecord:2.0:::::::*

References

Link	Resource
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
http://seclists.org/lists/bugtraq/2004/Sep/0097.html	Exploit
http://secunia.com/advisories/12481/	Vendor Advisory
http://secunia.com/advisories/19532
http://securitytracker.com/id?1011091
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-09/0108.html	Exploit
http://www.kb.cert.org/vuls/id/700326	Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2004:091
http://www.securityfocus.org/bid/11075	Exploit Patch
https://bugzilla.fedora.us/show_bug.cgi?id=2058
https://exchange.xforce.ibmcloud.com/vulnerabilities/17303
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9805

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-14T04:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2004-08-25T00:00:00

Link: CVE-2004-0806

JSON object: View

NVD Information

Status : Modified

Published: 2004-12-31T05:00:00.000

Modified: 2017-10-11T01:29:34.527

Link: CVE-2004-0806

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-09-07T00:00:00", "descriptions": [{"lang": "en", "value": "cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "11075", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.org/bid/11075"}, {"name": "1011091", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1011091"}, {"name": "MDKSA-2004:091", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:091"}, {"name": "20060401-01-U", "tags": ["vendor-advisory", "x_refsource_SGI"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"}, {"name": "20040909 Bugtraq: cdrecord local root exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/lists/bugtraq/2004/Sep/0097.html"}, {"name": "20040910 CAU-EX-2004-0002: cdrecord-suidshell.sh", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-09/0108.html"}, {"name": "FLSA:2058", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2058"}, {"name": "VU#700326", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/700326"}, {"name": "19532", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19532"}, {"name": "oval:org.mitre.oval:def:9805", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9805"}, {"name": "12481", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/12481/"}, {"name": "cdrecord-rsh-gain-privileges(17303)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17303"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0806", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "11075", "refsource": "BID", "url": "http://www.securityfocus.org/bid/11075"}, {"name": "1011091", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1011091"}, {"name": "MDKSA-2004:091", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:091"}, {"name": "20060401-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"}, {"name": "20040909 Bugtraq: cdrecord local root exploit", "refsource": "BUGTRAQ", "url": "http://seclists.org/lists/bugtraq/2004/Sep/0097.html"}, {"name": "20040910 CAU-EX-2004-0002: cdrecord-suidshell.sh", "refsource": "BUGTRAQ", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-09/0108.html"}, {"name": "FLSA:2058", "refsource": "FEDORA", "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2058"}, {"name": "VU#700326", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/700326"}, {"name": "19532", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19532"}, {"name": "oval:org.mitre.oval:def:9805", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9805"}, {"name": "12481", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12481/"}, {"name": "cdrecord-rsh-gain-privileges(17303)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17303"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0806", "datePublished": "2004-09-14T04:00:00", "dateReserved": "2004-08-25T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cdrtools:cdrecord:1.11:*:*:*:*:*:*:*", "matchCriteriaId": "27D890BB-C4B0-43FA-9505-0196578F1B9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cdrtools:cdrecord:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "01E51568-FB38-4D00-8DF4-83E6ECD33A6D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges."}], "id": "CVE-2004-0806", "lastModified": "2017-10-11T01:29:34.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://seclists.org/lists/bugtraq/2004/Sep/0097.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/12481/"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/19532"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1011091"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-09/0108.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/700326"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:091"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.org/bid/11075"}, {"source": "cve@mitre.org", "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2058"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17303"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9805"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. cdrecord is not shipped setuid and does not need to be made setuid with Red Hat Enterprise Linux 2.1, 3, or 4 packages.", "lastModified": "2006-08-30T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}