The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems.
References
Link | Resource |
---|---|
http://lists.alioth.debian.org/pipermail/secure-testing-announce/2005-August/000003.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2005-10-18 21:02
Updated : 2024-02-28 10:42
NVD link : CVE-2005-3254
Mitre link : CVE-2005-3254
CVE.ORG link : CVE-2005-3254
JSON object : View
Products Affected
nathan_neulinger
- cgiwrap
CWE