PT-2004-1861 · Bsd · Bsdmainutils

Published

2004-09-14

Updated

2017-07-11

CVE-2004-0793

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions bsdmainutils versions 6.0 through 6.0.14

Description The calendar program in bsdmainutils does not drop root privileges when executed with the -a flag. This allows attackers to execute arbitrary commands via a calendar event file.

Recommendations For bsdmainutils versions 6.0 through 6.0.14, consider disabling the execution of the calendar program with the -a flag until a patch is available. Restrict access to calendar event files to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2004-0793

Affected Products

Bsdmainutils

PT-2004-1861 · Bsd · Bsdmainutils

CVE-2004-0793

Weakness Enumeration

Related Identifiers

Affected Products

References · 7