CVE-2005-3254 — HIGH (10.0)

Vulnerability Description

The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Nathan Neulinger	Cgiwrap	1.0

References

http://lists.alioth.debian.org/pipermail/secure-testing-announce/2005-August/000PatchVendor Advisory
http://lists.alioth.debian.org/pipermail/secure-testing-announce/2005-August/000PatchVendor Advisory

FAQ

What is CVE-2005-3254?

CVE-2005-3254 is a vulnerability with a CVSS score of 10.0 (HIGH). The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code...

How severe is CVE-2005-3254?

CVE-2005-3254 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-3254?

Check the references section above for vendor advisories and patch information. Affected products include: Nathan Neulinger Cgiwrap.