CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| andreas_mueller | cdrdao | 1.1.4 |
| andreas_mueller | cdrdao | 1.1.5 |
CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via the show-data command.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| andreas_mueller | cdrdao | 1.1.4 |
| andreas_mueller | cdrdao | 1.1.5 |