CVE-2005-0070

Sažetak

Synaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files.

Reference

http://secunia.com/advisories/14300
http://securitytracker.com/id?1013206
http://www.debian.org/security/2005/dsa-681
http://www.securityfocus.com/bid/12546

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

05-09-2008 - 20:45

Objavljeno

02-05-2005 - 04:00