CVE-2004-0806

cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.

Date published : 2004-09-14

http://www.securityfocus.org/bid/11075

http://seclists.org/lists/bugtraq/2004/Sep/0097.html