Vulnerability Description
Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cdrtools | Cdrecord | 1.11 |
References
- ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz
- http://forums.gentoo.org/viewtopic.php?t=54904
- http://marc.info/?l=bugtraq&m=105285564307225&w=2
- http://marc.info/?l=bugtraq&m=105286031812533&w=2
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:058
- http://www.securiteam.com/exploits/5ZP0C2AAAC.html
- http://www.securityfocus.com/bid/7565ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12007
- ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz
- http://forums.gentoo.org/viewtopic.php?t=54904
- http://marc.info/?l=bugtraq&m=105285564307225&w=2
- http://marc.info/?l=bugtraq&m=105286031812533&w=2
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:058
- http://www.securiteam.com/exploits/5ZP0C2AAAC.html
- http://www.securityfocus.com/bid/7565ExploitPatchVendor Advisory
FAQ
What is CVE-2003-0289?
CVE-2003-0289 is a vulnerability with a CVSS score of 7.2 (HIGH). Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.
How severe is CVE-2003-0289?
CVE-2003-0289 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0289?
Check the references section above for vendor advisories and patch information. Affected products include: Cdrtools Cdrecord.