CVE-2003-0289
Published 2003-06-16
Priority P427 · high · 7.2 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.06% (60.3th percentile)
Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cdrtools | cdrecord | — | — |
| cdrtools | cdrecord | — | — |
No detection rules found.
Exploit-DB
CDRTools CDRecord 2.0 (Mandrake / Slackware) - Local Privilege Escalation
exploitdb·2003-05-14
---
#!/usr/bin/perl
###########################################################
# Cdrecord version 2.0 and < local root exploit.
#
#
# [wsxz@localhost buffer]$ perl priv8cdr.pl 4
# Using target number 4
# Using Mr .dtors 0x808c82c
# Cdrecord 2.0 (i586-mandrake-linux-gnu)
#
# scsibus: -1 target: -1 lun: -1
# Warning: Open by 'devname' is unintentional and not supported.
# /usr/bin/cdrecord: No such file or directory. Cannot open '. Cannot open SCSI driver.
# /usr/bin/cdrecord: For possible targets try 'cdrecord -scanbus'. Make sure you are root.
# /usr/bin/cdrecord: For possible transport specifiers try 'cdrecord dev=help'.
# sh-2.05b# id
# uid=0(root) gid=0(root) groups=503(wsxz)
# sh-2.05b#
#######################
Exploit-DB
CDRTools CDRecord 1.11/2.0 - Devname Format String
exploitdb·2003-05-13
---
// source: https://www.securityfocus.com/bid/7565/info
CDRecord has been reported prone to a format string vulnerability. The issue presents itself due to a programming error that occurs when calling a printf-like function.
It has been reported that by harnessing an unsupported feature of the CDRecord utility, an attacker may supply format string specifiers as the 'dev' argument passed to the vulnerable utility.
This may ultimately result in the execution of attacker-supplied code in the context of the CDRecord utility. It has been reported that CDRecord is installed setUID root on several distributions.
It should be noted that although this vulnerability has been reported to affect CDRecord version 2.0 previous versions might al
No writeups or analysis indexed.
ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz
http://forums.gentoo.org/viewtopic.php?t=54904
http://marc.info/?l=bugtraq&m=105285564307225&w=2
http://marc.info/?l=bugtraq&m=105286031812533&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2003:058
http://www.securiteam.com/exploits/5ZP0C2AAAC.html
http://www.securityfocus.com/bid/7565
https://exchange.xforce.ibmcloud.com/vulnerabilities/12007