Vulnerability Description
x11.c in xonix 1.4 and earlier uses the current working directory to find and execute the rmail program, which allows local users to execute arbitrary code by modifying the path to point to a malicious rmail program.
CVSS Score
4.6
MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xonix | Xonix | <= 1.4 |
References
- http://secunia.com/advisories/11382
- http://securitytracker.com/id?1009789
- http://shellcode.org/Advisories/XONIX.txt
- http://www.debian.org/security/2004/dsa-484PatchVendor Advisory
- http://www.osvdb.org/5358
- http://www.securityfocus.com/bid/10149
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15873
- http://secunia.com/advisories/11382
- http://securitytracker.com/id?1009789
- http://shellcode.org/Advisories/XONIX.txt
- http://www.debian.org/security/2004/dsa-484PatchVendor Advisory
- http://www.osvdb.org/5358
- http://www.securityfocus.com/bid/10149
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15873
FAQ
What is CVE-2004-0157?
CVE-2004-0157 is a vulnerability with a CVSS score of 4.6 (MEDIUM). x11.c in xonix 1.4 and earlier uses the current working directory to find and execute the rmail program, which allows local users to execute arbitrary code by modifying the path to point to a maliciou...
How severe is CVE-2004-0157?
CVE-2004-0157 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0157?
Check the references section above for vendor advisories and patch information. Affected products include: Xonix Xonix.