Vulnerability Description
Certain third-party packages for CVSup 16.1h, such as the one for SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages.
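A defensive check for the condition described above, as an added example that is not part of the advisory or of CVSup: it reads the RPATH/RUNPATH rows of `readelf -d` output and reports every search directory that an unprivileged user could write to or create. The function names, the `trusted_uids` parameter and the sample RPATH value are assumptions made for illustration.

```python
import os
import re
import stat

# Row format printed by `readelf -d <file>` for DT_RPATH / DT_RUNPATH.
DYN_ROW = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[([^\]]*)\]")

# Constructed sample, not taken from the affected package.
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/usr/lib:/usr/src/packages/example/lib]
"""

def rpath_entries(readelf_output):
    """Return (tag, directory) pairs; an empty entry means the current directory."""
    return [(m.group(1), d)
            for m in DYN_ROW.finditer(readelf_output)
            for d in m.group(2).split(":")]

def unsafe_reason(directory, stat_fn=os.stat, trusted_uids=(0,)):
    """Return why a search directory is untrusted, or None (group write is not checked)."""
    if "$" in directory:
        return "dynamic token: expand it for this binary and recheck"
    if not os.path.isabs(directory):
        return "empty or relative entry: resolved against the current directory"
    path = os.path.normpath(directory)
    while True:  # check the directory itself, then every ancestor up to /
        try:
            st = stat_fn(path)
        except OSError:
            st = None  # missing: whoever can write an ancestor can create it
        if st is not None and st.st_mode & stat.S_IWOTH:
            return f"{path} is world-writable"
        if st is not None and st.st_uid not in trusted_uids:
            return f"{path} is owned by uid {st.st_uid}"
        parent = os.path.dirname(path)
        if parent == path:
            return None
        path = parent

def audit(readelf_output, stat_fn=os.stat, trusted_uids=(0,)):
    """List (tag, directory, reason) for every untrusted RPATH/RUNPATH entry."""
    checked = ((tag, d, unsafe_reason(d, stat_fn, trusted_uids))
               for tag, d in rpath_entries(readelf_output))
    return [finding for finding in checked if finding[2]]
```

Pass the text of `readelf -d` for each installed executable to `audit()`; an empty result means no RPATH/RUNPATH entry failed these checks on the host where it ran.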
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cvsup | Cvsup | cvsup-16.1h-2.i386.rpm |
References
- http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0025.html (Exploit, Vendor Advisory)
- http://marc.info/?l=bugtraq&m=107539776002450&w=2
- http://www.securityfocus.com/bid/9523 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14994
FAQ
What is CVE-2004-2133?
CVE-2004-2133 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by cau...
How severe is CVE-2004-2133?
CVE-2004-2133 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-2133?
Check the references section above for vendor advisories and patch information. Affected products include: Cvsup Cvsup.