Vulnerability Description
slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freebsd | Slashem-Tty | 0.0.6e.4f.8 |
Related Weaknesses (CWE)
References
- http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-05/0122.html
- http://www.iss.net/security_center/static/11979.php
- http://www.securityfocus.com/archive/1/321001
- http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-05/0122.html
- http://www.iss.net/security_center/static/11979.php
- http://www.securityfocus.com/archive/1/321001
FAQ
What is CVE-2003-1474?
CVE-2003-1474 is a vulnerability with a CVSS score of 7.2 (HIGH). slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary co...
How severe is CVE-2003-1474?
CVE-2003-1474 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1474?
Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Slashem-Tty.