Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0289

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2003-0289
Last Modified 10 Sep 2008 03:18:33
Published 16 Jun 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0289

Summary

Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.

Vulnerable Systems

Application

  • Cdrtools Cdrecord 1.11

  • Cdrtools Cdrecord 2.0


References

BID - 7565

BUGTRAQ - 20030513 cdrtools2.0 Format String Vulnerability

BUGTRAQ - 20030513 Cdrecord_local_root_exploit.

CONFIRM - ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz

XF - cdrtools-scsiopen-format-string(12007)

MISC - http://www.securiteam.com/exploits/5ZP0C2AAAC.html

MANDRAKE - MDKSA-2003:058

GENTOO - 200305-06


Last Updated: 27 May 2016 10:37:50