Lucene search

[email protected]CVE-2004-2133

HistoryMay 27, 2005 - 4:00 a.m.

CVE-2004-2133

2005-05-2704:00:00

[email protected]

web.nvd.nist.gov

cve-2004-2133

cvsup

elf rpath

arbitrary code execution

suse linux

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages.

Affected configurations

NVD

Node

cvsupcvsupMatchcvsup-16.1h-2.i386.rpm

cvsupcvsupMatchcvsup-16.1h-36.i586.rpm

cvsupcvsupMatchcvsup-16.1h-43.i586.rpm

CPENameOperatorVersion
cvsup:cvsupcvsupeqcvsup-16.1h-2.i386.rpm
cvsup:cvsupcvsupeqcvsup-16.1h-36.i586.rpm
cvsup:cvsupcvsupeqcvsup-16.1h-43.i586.rpm

CPE	Name	Operator	Version
cvsup:cvsup	cvsup	eq	cvsup-16.1h-2.i386.rpm
cvsup:cvsup	cvsup	eq	cvsup-16.1h-36.i586.rpm
cvsup:cvsup	cvsup	eq	cvsup-16.1h-43.i586.rpm

References

archives.neohapsis.com/archives/vulnwatch/2004-q1/0025.html

marc.info/?l=bugtraq&m=107539776002450&w=2

www.securityfocus.com/bid/9523

exchange.xforce.ibmcloud.com/vulnerabilities/14994

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2004-2133

nvd1 cvelist1