CDRTools RSH Environment Variable Privilege Escalation Vulnerability

CDRTools RSH Environment Variable Privilege Escalation Vulnerability

No exploit is required to leverage this issue. Proof-of-concept examples have been provided by newbug Tseng <newbug@chroot.org> and I)ruid [CAU].

CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

/data/vulnerabilities/exploits/cdr-exp.sh
/data/vulnerabilities/exploits/cdrecord-suidshell.sh
/data/vulnerabilities/exploits/readcd-exp.sh