CVE-2005-0866
Published 2005-05-02
CVE-2005-0866: cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Priority: P48, low. CVSS 2.0 score: 2.1
CVSS 2.0 vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
EPSS: 0.31% (22.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cdrtools | cdrecord | <= 2.0 | — |
No detection rules found.
No public exploits indexed.
Bugzilla
A number of tomcat issues
bugzilla·2007-05-09·CVSS 5.0
CVE-2005-3164 [MEDIUM] A number of tomcat issues
A number of issues affected tomcat 4.0.6 as distributed with Stronghold. Most
of these are minor severity, all need triaging:
http://tomcat.apache.org/security-4.html
Information disclosure CVE-2005-3164
Information disclosure CVE-2005-2090
Directory traversal CVE-2007-0450
Cross-site scripting CVE-2007-1358
Cross-site scripting CVE-2006-7196
Directory listing CVE-2006-3835
Cross-site scripting CVE-2005-4838
Denial of service CVE-2005-3510
Denial of service CVE-2003-0866
Information disclosure CVE-2002-2006
Discussion:
closing; Stronghold has reached end of life.
Bugzilla
CVE-2004-0813 SG_IO unsafe user command execution
bugzilla·2007-03-13·CVSS 7.2
CVE-2004-0813 [HIGH] CVE-2004-0813 SG_IO unsafe user command execution
Bug 133098 describes a flaw in the way the kernel handles certain SG_IO
commands. A user who has access to a /dev/sg file can do scary things they
shouldn't be able to. In RHEL3 we currently give the console user read/write
access to /dev/sg devices which are also recordable CD drives. This is
obviously a problem.
Fixing this in the kernel will be nearly impossible given how the RHEL3 kernel
works. We can, however, fix it by changing the way cdrecord works.
If we use consolehelper to launch cdrecord, the end user should notice no change
in behavior, and it will allow us to control who is able to execute cdrecord as the
root user.
Discussion:
If we set cdrecord to be setuid root, we will need to add the patch for
CVE-2004-0806, which could