Red Hat Bugzilla – Bug 132046
CAN-2004-0806; cdrecord vulnerable to local root exploit via RSH if suid root
Last modified: 2007-11-30 17:10:48 EST
cdrecord is vulnerable to a local root exploit via the RSH environment
variable if it is suid root.
This is correct, however we do not install cdrecord suid for just this
reason. I'm removing the security severity since this is technically
a bug, but not a security related issue in a default install.