Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2004-0806 | First vendor Publication | 2004-12-31 |
Vendor | Cve | Last vendor Modification | 2017-10-11 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0806
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9805 | |||
Oval ID: | oval:org.mitre.oval:def:9805 | ||
Title: | cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges. | ||
Description: | cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0806 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3, CentOS Linux 3 | Product(s): | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-18 (cdrtools) File : nvt/glsa_200409_18.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
9779 | cdrecord RSH Environment Variable Local Privilege Escalation: CDRTools' cdrecord is vulnerable to an RSH environment variable local privilege escalation vulnerability. This issue is due to cdrecord not dropping privileges before executing a program specified by the user via the "RSH" environment variable. Due to cdrecord being generally installed suid root, an attacker may leverage this behavior to gain superuser privileges on a system running the affected software. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-09-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200409-18.nasl - Type : ACT_GATHER_INFO |
2004-09-09 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-297.nasl - Type : ACT_GATHER_INFO |
2004-09-09 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-298.nasl - Type : ACT_GATHER_INFO |
2004-09-08 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-091.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-04 12:02:24 | |
2021-04-22 01:02:33 | |
2020-05-23 00:15:53 | |
2017-10-11 09:23:23 | |
2017-07-11 12:01:30 | |
2016-04-26 12:53:19 | |
2014-02-17 10:27:59 | |
2013-08-07 21:20:05 | |
2013-05-11 11:43:02 | |