Lucene search
HistoryFeb 03, 2004 - 5:00 a.m.
CVE-2003-0949
cve-2003-0949
xsok
privilege escalation
vulnerability
gunzip
arbitrary commands
nvd
6.8 Medium
AI Score
Confidence
Low
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%
xsok 1.02 does not properly drop privileges before finding and executing the “gunzip” program, which allows local users to execute arbitrary commands.
| CPE | Name | Operator | Version |
|---|---|---|---|
| michael_bischoff:xsok | michael bischoff xsok | eq | 1.02 |
Related
debian
debian
[SECURITY] [DSA 405-1] New xsok packages fix local group games exploit
2003-12-30 09:46:24
[SECURITY] [DSA 405-1] New xsok packages fix local group games exploit
2003-12-30 09:46:24
ubuntucve
ubuntucve
CVE-2003-0949
2004-02-03 00:00:00
osv
osv
xsok - missing privilege release
2003-12-30 00:00:00
openvas
openvas
Debian Security Advisory DSA 405-1 (xsok)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-405)
2008-01-17 00:00:00
debiancve
debiancve
CVE-2003-0949
2004-02-03 05:00:00
CVE-2004-0074
2004-02-17 05:00:00
cve
cve
CVE-2004-0074
2004-02-17 05:00:00
nessus
nessus
Debian DSA-405-1 : xsok - missing privilege release
2004-09-29 00:00:00
6.8 Medium
AI Score
Confidence
Low
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%
Related for CVE-2003-0949