Bug 33756 (CVE-2003-0289) - VUL-0: CVE-2003-0289: security issues in cdrecord
Status: RESOLVED FIXED
Alias: CVE-2003-0289
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: i386 Linux
Priority: P3 - Medium
Severity: Major
Assignee: Vladimir Nadvornik
QA Contact: Security Team bot
Whiteboard: CVE-2003-0289: CVSS v2 Base Score: 7....
Reported: 2002-09-02 22:39 UTC by Olaf Kirch
Modified: 2021-09-28 08:20 UTC
Found By: Other


Attachments
Would have sworn I'd added it. Sorry. (1.08 KB, patch)
2002-09-03 18:32 UTC, Olaf Kirch

Description Olaf Kirch 2002-09-02 22:39:47 UTC
There are several format string bugs in cdrecord that allow local users
to obtain root privileges.
A patch is attached.

 #1     $ touch 1.wav
        $ cdrecord -d dev=REMOTE:user@%p%plocalhost:sg0:0,0,0 1.wav
        ...
        cdrecord: locuser: 'okir' rscsiuser: 'user' host: 'A2730BFFFCEAClocalhost'

 #2     $ cdrecord -d dev=%p%p%psg0:0,0,0 1.wav
        ...
        cdrecord: No such file or directory. Cannot open '0BFFFD054BFFFD044sg0'.

 #3     somewhere in scg_sprbytes; probably exploitable if you
        have a cd writer but not otherwise
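
Added example, not part of the original report and not cdrecord's own code: a minimal C illustration of the bug class the reproducers above show, where a user-supplied device string is reused as a printf format, next to the constant-format fix. The function names report, open_error_unsafe and open_error_safe are hypothetical; the message text is modelled on the output of reproducer #2.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style reporter (not cdrecord's own code); it writes
 * into a buffer instead of stderr so the result can be inspected.
 * Declaring it with __attribute__((format(printf, 3, 4))) would let
 * gcc/clang -Wformat-security flag the unsafe call below. */
static int report(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Unsafe: the message is built first, then reused as the format string,
 * so any '%' directive inside dev is interpreted a second time. */
int open_error_unsafe(char *out, size_t len, const char *dev)
{
    char msg[256];
    snprintf(msg, sizeof msg, "Cannot open '%s'.", dev);
    return report(out, len, msg);
}

/* Fixed: the format is a constant and dev is only ever an argument. */
int open_error_safe(char *out, size_t len, const char *dev)
{
    return report(out, len, "Cannot open '%s'.", dev);
}

int main(void)
{
    const char *dev = "%p%p%psg0:0,0,0";     /* device string from reproducer #2 */
    char buf[256];

    open_error_unsafe(buf, sizeof buf, dev); /* undefined behaviour: stray values appear */
    printf("unsafe: %s\n", buf);
    open_error_safe(buf, sizeof buf, dev);   /* directives stay literal text */
    printf("safe:   %s\n", buf);
    return 0;
}
```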
Comment 1 Vladimir Nadvornik 2002-09-03 18:29:59 UTC
I don't see any attached patch.
Comment 2 Olaf Kirch 2002-09-03 18:32:39 UTC
Created attachment 10341
Would have sworn I'd added it. Sorry.
Comment 3 Vladimir Nadvornik 2002-09-03 20:13:14 UTC
The patch is added to STABLE.
I don't think it is worth putting it into older releases,
because it has no suid by default.
Comment 4 Marcus Meissner 2007-03-24 15:47:58 UTC
CVE-2003-0289
Comment 5 Thomas Biege 2009-10-13 19:40:39 UTC
CVE-2003-0289: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)