CVE-2002-0137
published 2002-03-25CVE-2002-0137: CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file.
PriorityP419high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
0.75%
50.4th percentile
CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| andreas_mueller | cdrdao | — | — |
| andreas_mueller | cdrdao | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (4)
exploitdb·2002-01-13
CVE-2002-0137 CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (4)
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (4)
---
source: https://www.securityfocus.com/bid/3865/info
CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller.
When CDRDAO saves it's configuration to the .cdrdao file in a user's home directory, the file is saved with root ownership. Additionally, CDRDAO does not check for the previous existence of this file. Since the cdrdao executable is typically installed setuid root, it is possible for a user to create this file as a symbolic link, which could result in the overwriting of root-owned files, or potentially allow the user execute commands as root.
#!/bin/sh
DIR=`pwd`
echo ""
echo "cdrdao local root exploit - gr
Exploit-DB
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (1)
exploitdb·2002-01-13
CVE-2002-0137 CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (1)
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (1)
---
source: https://www.securityfocus.com/bid/3865/info
CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller.
When CDRDAO saves it's configuration to the .cdrdao file in a user's home directory, the file is saved with root ownership. Additionally, CDRDAO does not check for the previous existence of this file. Since the cdrdao executable is typically installed setuid root, it is possible for a user to create this file as a symbolic link, which could result in the overwriting of root-owned files, or potentially allow the user execute commands as root.
#!/bin/sh
if [ "$1" ]; then
cat > /tmp/t.c
int main()
{
int i;
w
Exploit-DB
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (2)
exploitdb·2002-01-13
CVE-2002-0137 CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (2)
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (2)
---
source: https://www.securityfocus.com/bid/3865/info
CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller.
When CDRDAO saves it's configuration to the .cdrdao file in a user's home directory, the file is saved with root ownership. Additionally, CDRDAO does not check for the previous existence of this file. Since the cdrdao executable is typically installed setuid root, it is possible for a user to create this file as a symbolic link, which could result in the overwriting of root-owned files, or potentially allow the user execute commands as root.
#!/bin/bash
## cdrdaohack.sh by Jens "atomi" Steube
ROOTEXECDIR
Exploit-DB
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (3)
exploitdb·2002-01-13
CVE-2002-0137 CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (3)
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (3)
---
source: https://www.securityfocus.com/bid/3865/info
CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller.
When CDRDAO saves it's configuration to the .cdrdao file in a user's home directory, the file is saved with root ownership. Additionally, CDRDAO does not check for the previous existence of this file. Since the cdrdao executable is typically installed setuid root, it is possible for a user to create this file as a symbolic link, which could result in the overwriting of root-owned files, or potentially allow the user execute commands as root.
#!/bin/sh
# cdrdao local root exploit
# newbug [at] chroot.org
#
No writeups or analysis indexed.
2002-03-25
Published