3 matches found
CVE-2004-2303
CVE-2004-2303 affects MTools Mformat prior to 3.9.9. When installed setuid root, mformat can create files with world-readable and world-writable permissions, enabling local users to read and overwrite files. Root cause is the setuid root usage and permissive file creation. In Mandrake/MKSA adviso...
CVE-2004-2303
MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files...
Mandrake Linux Security Advisory : mtools (MDKSA-2004:016)
Sebastian Krahmer found that the mformat program, when installed suid root, can create any file with 0666 permissions as root, and that it also does not drop privileges when reading local configuration files. The updated packages remove the suid bit from mformat. %NASLMINLEVEL 70300 C Tenable...