Privilege Escalation in cdrecord (cdrtools package)

Privilege Escalation in cdrecord (cdrtools package)

CVE-2004-0806 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.

Learn more about our User Device Pen Test.