CVE-2004-0793

The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:debian:bsdmainutils:6.0:*:*:*:*:*:*:*
cpe:2.3:a:debian:bsdmainutils:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:bsdmainutils:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:bsdmainutils:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:bsdmainutils:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:bsdmainutils:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:bsdmainutils:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:bsdmainutils:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:bsdmainutils:6.0.8:*:*:*:*:*:*:*
cpe:2.3:a:debian:bsdmainutils:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:debian:bsdmainutils:6.0.10:*:*:*:*:*:*:*
cpe:2.3:a:debian:bsdmainutils:6.0.11:*:*:*:*:*:*:*
cpe:2.3:a:debian:bsdmainutils:6.0.12:*:*:*:*:*:*:*
cpe:2.3:a:debian:bsdmainutils:6.0.13:*:*:*:*:*:*:*
cpe:2.3:a:debian:bsdmainutils:6.0.14:*:*:*:*:*:*:*

History

20 Nov 2024, 23:49

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=109396230317359&w=2 - () http://marc.info/?l=bugtraq&m=109396230317359&w=2 -
References () http://www.securityfocus.com/bid/11077 - Exploit, Patch, Vendor Advisory () http://www.securityfocus.com/bid/11077 - Exploit, Patch, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/17162 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/17162 -

Information

Published : 2004-10-20 04:00

Updated : 2024-11-20 23:49


NVD link : CVE-2004-0793

Mitre link : CVE-2004-0793

CVE.ORG link : CVE-2004-0793


JSON object : View

Products Affected

debian

  • bsdmainutils
CWE
CWE-264

Permissions, Privileges, and Access Controls