Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0793

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-0793
Last Modified 11 Jan 2013 12:00:00
Published 20 Oct 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0793

Summary

The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file.

Vulnerable Systems

Operating System

  • Debian Linux 6.0

  • Debian Linux 6.0.14

Application

  • Debian Bsdmainutils 6.0

  • Debian Bsdmainutils 6.0.1

  • Debian Bsdmainutils 6.0.10

  • Debian Bsdmainutils 6.0.11

  • Debian Bsdmainutils 6.0.12

  • Debian Bsdmainutils 6.0.13

  • Debian Bsdmainutils 6.0.14

  • Debian Bsdmainutils 6.0.2

  • Debian Bsdmainutils 6.0.3

  • Debian Bsdmainutils 6.0.4

  • Debian Bsdmainutils 6.0.5

  • Debian Bsdmainutils 6.0.6

  • Debian Bsdmainutils 6.0.7

  • Debian Bsdmainutils 6.0.8

  • Debian Bsdmainutils 6.0.9


References

XF - bsdmainutils-calendar-gain-privileges(17162)

BID - 11077

BUGTRAQ - 20040830 Possible root compromose with bsdmainutils 6.0.x < 6.0.15 (Debian testing/unstable)


Last Updated: 27 May 2016 11:01:36