Local exploit exists in cdda2cdr

There is a buffer overflow vulnerability in cdda2cdr distributed with (at least) package cdwtools-0.93-78. This program is sgid disk by default and thus any malicious user who gains disk privs will have r/w access to your entire hard drive(s) in the form of /dev/hd*. This is obviously a quick root compromise. Fixed packages will be available soon from various vendors (probably by the time you read this). Note that this particular overflow does not affect cdda2wav. [from BugTraq]