Lucene search
HistoryDec 06, 2004 - 5:00 a.m.
CVE-2004-0395
cve-2004-0395
xatitv
gatos package
privilege escalation
arbitrary commands
nvd
7.1 High
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%
The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gatos:gatos | gatos | eq | .5 |
Related
securityvulns
securityvulns
[SECURITY] [DSA 509-1] New gatos packages fix privilege escalation
2004-05-31 00:00:00
ubuntucve
ubuntucve
CVE-2004-0395
2004-12-06 00:00:00
debiancve
debiancve
CVE-2004-0395
2004-12-06 05:00:00
openvas
openvas
Debian Security Advisory DSA 509-1 (gatos)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-509-1 : gatos - privilege escalation
2004-09-29 00:00:00
debian
debian
[SECURITY] [DSA 509-1] New gatos packages fix privilege escalation
2004-05-29 20:22:35
osv
osv
gatos - privilege escalation
2004-05-29 00:00:00
7.1 High
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%
Related for CVE-2004-0395