PT-2004-2193 · Unknown · Changepassword
Publicado
2004-12-22
·
Atualizado
2017-07-11
·
CVE-2004-1263
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
ChangePassword version 0.8
Description:
The issue allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious "make" program, specifically affecting the changepassword.cgi script in ChangePassword.
Recommendations:
For ChangePassword version 0.8, consider removing the setuid installation to prevent exploitation until a proper fix is available. As a temporary workaround, restrict access to the changepassword.cgi script to minimize the risk of arbitrary code execution.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Changepassword