PT-2004-3699 · Debian · Gatos+3

Published: 1970-01-01 · Updated: 2017-07-11 · CVE-2004-0395

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

gatos (affected versions not specified)
libgatos-dev (affected versions not specified)
libgatos0 (affected versions not specified)

Description

The issue concerns multiple vulnerabilities in the gatos package and related libraries of the Debian GNU/Linux operating system. These vulnerabilities can be exploited by a local attacker, potentially leading to breaches of confidentiality, integrity, and availability of protected information. The xatitv program within the gatos package fails to properly drop root privileges when the configuration file is missing, allowing local users to execute arbitrary commands via shell metacharacters in a system call.

Recommendations

For gatos, consider restricting access to the xatitv program until a patch is available. For libgatos-dev, restrict the use of the library to minimize the risk of exploitation. For libgatos0, avoid using the library in sensitive operations until the issue is resolved. As a temporary workaround, consider disabling the execution of arbitrary commands via shell metacharacters in system calls for all affected packages until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
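
A hardened pattern for the flaw described above, added here as an illustration and not taken from gatos or xatitv: privileges are dropped unconditionally with every return value checked, and the helper is started from an argument vector instead of through `system()`. The function names `drop_privileges` and `run_helper` and the sample `test` invocation are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up set-uid/set-gid privileges; call on every startup
 * path, before any configuration file is looked for. 0 on success. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    /* Group first, then user: after setuid() the gid can no longer change. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* A non-root invoking user must not be able to get root back. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Run a helper from an explicit argument vector. No shell parses the
 * arguments, so ; | ` $ inside them stay data. Returns the exit status. */
int run_helper(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges() != 0)
            _exit(126);
        execvp(argv[0], argv); /* PATH lookup happens after the drop */
        _exit(127);            /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    if (drop_privileges() != 0) { /* unconditional, config file or not */
        fputs("cannot drop privileges\n", stderr);
        return 1;
    }
    /* Constructed sample argument containing shell metacharacters. */
    char *argv[] = { "test", "a; b", "=", "a; b", NULL };
    return run_helper(argv) != 0;
}
```

The `test` helper exits 0 only when it receives the argument byte for byte, which shows that the `;` was never interpreted.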

Related Identifiers

BDU:2015-02408
BDU:2015-02409
BDU:2015-02410
CVE-2004-0395
DSA-509

Affected Products

Debian
Gatos
Libgatos-Dev
Libgatos0