Vulnerability Description
The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gatos | Gatos | .5 |
References
- http://www.debian.org/security/2004/dsa-509 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/10437 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16273
FAQ
What is CVE-2004-0395?
CVE-2004-0395 is a vulnerability with a CVSS score of 7.2 (HIGH). The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacte...
How severe is CVE-2004-0395?
CVE-2004-0395 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-0395?
Check the references section above for vendor advisories and patch information. Affected products include: Gatos Gatos.