Lucene search

[email protected]CVE-2004-2372

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2372

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-2372

buffer overflow

bochs

security vulnerability

setuid

nvd

7.6 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability.

CPENameOperatorVersion
bochs_project:bochsbochs project bochslt2.1.1

CPE	Name	Operator	Version
bochs_project:bochs	bochs project bochs	lt	2.1.1

References

securitytracker.com/id?1009219

sourceforge.net/project/shownotes.php?release_id=215733

www.securiteam.com/unixfocus/5XP0L1FC0M.html

exchange.xforce.ibmcloud.com/vulnerabilities/15309

7.6 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2004-2372

debiancve1