Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1474

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2003-1474
Last Modified 05 Sep 2008 04:37:01
Published 31 Dec 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-1474

Summary

slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris.

Vulnerable Systems

Application

  • Freebsd Slashem-tty 0.0.6e.4f.8


References

BUGTRAQ - 20030508 ltris-and-slashem-tty possible trouble

XF - slashem-tty-insecure-permissions(11979)

FULLDISC - 20030509 ltris-and-slashem-tty possible trouble


Last Updated: 27 May 2016 10:38:22