Oval Definition:oval:org.mitre.oval:def:9805
Revision Date:2013-04-29Version:11
Title:cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.
Description:cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2004-0806
Platform(s):CentOS Linux 3
Red Hat Enterprise Linux 3
Product(s):
Definition Synopsis
  • RHEL3 or CentOS3
  • The operating system installed on the system is Red Hat Enterprise Linux 3
  • OR CentOS Linux 3.x
  • AND Configuration section
  • mkisofs is earlier than 8:2.01.0.a32-0.EL3.2
  • OR cdrecord is earlier than 8:2.01.0.a32-0.EL3.2
  • OR cdrtools is earlier than 8:2.01.0.a32-0.EL3.2
  • OR cdrecord-devel is earlier than 8:2.01.0.a32-0.EL3.2
  • BACK