Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CDRDAO Home目录配置文件符号链接漏洞
Vulnerability Description
CDRDAO是一个运行于Linux和Unix操作系统的免费、开放源码的CD刻录软件包。它由Andreas Mueller维护。 当CDRDAO保存它的配置文件.cdrdao到用户的home目录,文件以root所有权保存。在保存配置文件时,CDRDAO没有检查以前是否存在这个文件($HOME/.cdrdao)。而CDRDAO执行程序通常以setuid root安装,如果用户给这个文件建立一个符号链接,将可能覆盖root属主的文件甚至可能以root身份执行命令。
CVSS Information
N/A
Vulnerability Type
N/A