Red Hat Errata System 5.3 2008-01-23T07:17:50 Red Hat Enterprise Linux 3 Cdrecord is an application for recording audio and data CDs. Cdrecord works with many different brands of CD recorders, fully supports multi-sessions, and provides human-readable error messages. The cdrecord package on Red Hat Enterprise Linux does not require setuid root for use by normal users. The permissions of the writer device are changed by pam_console_apply at console login. Setting the uid of cdrecord to root opens a vulnerability to possible exploitation. All users of cdrecord that setuid root should upgrade to these updated packages, which resolve this issue. Copyright 2005 Red Hat, Inc. CVE-2004-0806 cpe://redhat:enterprise_linux:3