Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: email@example.com. Removal of the setuid bit on the kreatecd program is recommended as a solution.
Halloween Linux 4.0,S.u.S.E. Linux 6.0/6.1/6.2/6.3 kreatecd Vulnerability (EDBID:19813)
A vulnerability exists in the kreatecd program for Linux. This program is a graphical front end to the cdrecord program, and is installed setuid root. This program will blindly trust the configuration of the path to cdrecord, as specified by the user. This means that arbitrary programs can be executed as root by an attacker using kreatecd. It appears that graphical interaction is required to exploit this program.