CVE-2003-0289 Information

Description

Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.

Reference

ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz http://forums.gentoo.org/viewtopic.php?t=54904 http://marc.info/?l=bugtraq&m=105285564307225&w=2 http://marc.info/?l=bugtraq&m=105286031812533&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2003:058 http://www.securiteam.com/exploits/5ZP0C2AAAC.html http://www.securityfocus.com/bid/7565 https://exchange.xforce.ibmcloud.com/vulnerabilities/12007