Vendor: Kreatecd
By: SecurityFocus
CVSS: 7.2 (HIGH)
Path Manipulation
CWE: 22
Product Name: Kreatecd
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2002

Kreatecd Program for Linux Vulnerability

Kreatecd is a graphical front end to the cdrecord program and is installed setuid root. It blindly trusts the path to cdrecord as configured by the user, so an attacker using kreatecd can have arbitrary programs executed as root. Exploitation appears to require graphical interaction.

Mitigation:

Restrict access to the kreatecd program and ensure that it is not setuid root.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1061/info

A vulnerability exists in the kreatecd program for Linux. This program is a graphical front end to the cdrecord program, and is installed setuid root. This program will blindly trust the configuration of the path to cdrecord, as specified by the user. This means that arbitrary programs can be executed as root by an attacker using kreatecd. It appears that graphical interaction is required to exploit this program. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19813.tar.gz