PT-2003-1496 · Cdrtools · Cdrtools
Yjm01
·
Published
2003-05-14
·
Updated
2017-07-11
·
CVE-2003-0289
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
cdrtools version 2.0
Description:
The issue is related to a format string vulnerability in the scsiopen.c file of the cdrecord program. This vulnerability allows local users to gain privileges by using format string specifiers in the
dev parameter.Recommendations:
For cdrtools version 2.0, update to a newer version that contains a fix for this issue to prevent local users from gaining privileges.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cdrtools