Bug 33756 (CVE-2003-0289)

Summary: VUL-0: CVE-2003-0289: security issues in cdrecord
Product: [Novell Products] SUSE Security Incidents Reporter: Olaf Kirch <okir>
Component: IncidentsAssignee: Vladimir Nadvornik <nadvornik>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P3 - Medium CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: i386   
OS: Linux   
Whiteboard: CVE-2003-0289: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: Would have sworn I'd added it. Sorry.

Description Olaf Kirch 2002-09-02 22:39:47 UTC 
There are several format strings bugs in cdrecord that allow local users
to obtain root privileges.
A patch is attached.

 #1     $ touch 1.wav
        $ cdrecord -d dev=REMOTE:user@%p%plocalhost:sg0:0,0,0 1.wav
        ...
        cdrecord: locuser: 'okir' rscsiuser: 'user' host: 
'A2730BFFFCEAClocalhost'

 #2     $ cdrecord -d dev=%p%p%psg0:0,0,0 1.wav
        ...
        cdrecord: No such file or directory. Cannot open 
'0BFFFD054BFFFD044sg0'.
 #3     somewhere in scg_sprbytes; probably exploitable if you
        have a cd writer but not otherwise
Comment 1 Vladimir Nadvornik 2002-09-03 18:29:59 UTC 
I don't see any attached patch
Comment 2 Olaf Kirch 2002-09-03 18:32:39 UTC 
Created attachment 10341 [details]
Would have sworn I'd added it. Sorry.
Comment 3 Vladimir Nadvornik 2002-09-03 20:13:14 UTC 
The patch is added to STABLE. 
I don't think it worth to put it to older releases, 
because it has no suid by default.
Comment 4 Marcus Meissner 2007-03-24 15:47:58 UTC 
CVE-2003-0289
Comment 5 Thomas Biege 2009-10-13 19:40:39 UTC 
CVE-2003-0289: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)