cdrecord in the cdrtools package prior to 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.
Vulnerable Product |
---|
cdrtools cdrecord 1.11 |
cdrtools cdrecord 2.0 |