Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2372

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-2372
Last Modified 05 Sep 2008 04:43:57
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-2372

Summary

Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability.

Vulnerable Systems

Application

  • Bochs 2.0.2

  • Bochs 2.1

  • Bochs 2.1 Pre1

  • Bochs 2.1 Pre2


References

XF - bochs-home-bo(15309)

MISC - http://www.securiteam.com/unixfocus/5XP0L1FC0M.html

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=215733

SECTRACK - 1009219


Last Updated: 27 May 2016 10:39:26