CDRTools RSH local exploit v1.7 Vulnerability exploited: CAN-2004-0806 - BID-11075 Category: Exploits/Local This module exploits the cdrecord command when suid root to install a level0 agent with euid=0. cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges. This module exploits this vulnerability. Supported Systems: Mandrake Linux 10 (i386) This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks. Click here to learn more about the product.