CVE-2003-0949

Name of the Vulnerable Software and Affected Versions xsok version 1.02

Description The issue allows local users to execute arbitrary commands due to xsok not properly dropping privileges before finding and executing the "gunzip" program. Additionally, there are multiple vulnerabilities in the xsok package of the Debian GNU/Linux operating system that can lead to breaches of confidentiality, integrity, and availability of protected information, which can be exploited by a local attacker.

Recommendations For xsok version 1.02, consider updating to a newer version that properly handles privilege dropping to prevent arbitrary command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.