Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3254

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2005-3254
Last Modified 05 Sep 2008 04:53:52
Published 18 Oct 2005 05:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3254

Summary

The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems.

Vulnerable Systems

Application

  • Nathan Neulinger Cgiwrap 1.0

  • Nathan Neulinger Cgiwrap 2.0

  • Nathan Neulinger Cgiwrap 2.1

  • Nathan Neulinger Cgiwrap 2.2

  • Nathan Neulinger Cgiwrap 2.3

  • Nathan Neulinger Cgiwrap 2.4

  • Nathan Neulinger Cgiwrap 2.5

  • Nathan Neulinger Cgiwrap 2.6

  • Nathan Neulinger Cgiwrap 2.7

  • Nathan Neulinger Cgiwrap 3.0

  • Nathan Neulinger Cgiwrap 3.1

  • Nathan Neulinger Cgiwrap 3.11

  • Nathan Neulinger Cgiwrap 3.2

  • Nathan Neulinger Cgiwrap 3.21

  • Nathan Neulinger Cgiwrap 3.22

  • Nathan Neulinger Cgiwrap 3.23

  • Nathan Neulinger Cgiwrap 3.24

  • Nathan Neulinger Cgiwrap 3.3

  • Nathan Neulinger Cgiwrap 3.4

  • Nathan Neulinger Cgiwrap 3.5

  • Nathan Neulinger Cgiwrap 3.6

  • Nathan Neulinger Cgiwrap 3.6.1

  • Nathan Neulinger Cgiwrap 3.6.2

  • Nathan Neulinger Cgiwrap 3.6.3

  • Nathan Neulinger Cgiwrap 3.6.4

  • Nathan Neulinger Cgiwrap 3.6.5

  • Nathan Neulinger Cgiwrap 3.7

  • Nathan Neulinger Cgiwrap 3.7.1

  • Nathan Neulinger Cgiwrap 3.8


References

MLIST - [secure-testing-announce] 20050828 [DTSA-6-1] New cgiwrap packages fix multiple vulnerabilities


Last Updated: 27 May 2016 10:40:52