Lucene search

[email protected]CVE-2003-0289

HistoryJun 16, 2003 - 4:00 a.m.

CVE-2003-0289

2003-06-1604:00:00

[email protected]

web.nvd.nist.gov

cve-2003-0289

cdrecord

cdrtools

scsiopen.c

format string vulnerability

local users

gain privileges

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.

Affected configurations

NVD

Node

cdrtoolscdrecordMatch1.11

cdrtoolscdrecordMatch2.0

CPENameOperatorVersion
cdrtools:cdrecordcdrtools cdrecordeq1.11
cdrtools:cdrecordcdrtools cdrecordeq2.0

CPE	Name	Operator	Version
cdrtools:cdrecord	cdrtools cdrecord	eq	1.11
cdrtools:cdrecord	cdrtools cdrecord	eq	2.0

References

ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz

forums.gentoo.org/viewtopic.php?t=54904

marc.info/?l=bugtraq&m=105285564307225&w=2

marc.info/?l=bugtraq&m=105286031812533&w=2

www.mandriva.com/security/advisories?name=MDKSA-2003:058

www.securiteam.com/exploits/5ZP0C2AAAC.html

www.securityfocus.com/bid/7565

exchange.xforce.ibmcloud.com/vulnerabilities/12007

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2003-0289

nessus1 cvelist1 nvd1