cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00443
Percentile: 0.62409

CVSS Scoring

Affected Products

• cpe:2.3:a:cdrtools:cdrecord:1.11:*:*:*:*:*:*:*
• cpe:2.3:a:cdrtools:cdrecord:2.0:*:*:*:*:*:*:*

← Back to Home