redhat · CVE-2004-0806

Quick triage

Priority: low Published: 2004-09-09 00:00:00 UTC Updated: 2004-09-09 00:00:00 UTC

View at Official redhat advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.

Description:

cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.

cvelogic Threat Intelligence