CVE-2004-0395

Sažetak

The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call.

Reference

http://www.debian.org/security/2004/dsa-509
http://www.securityfocus.com/bid/10437
https://exchange.xforce.ibmcloud.com/vulnerabilities/16273

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-07-2017 - 01:30

Objavljeno

06-12-2004 - 05:00