Vulnerability Details : CVE-2004-0157
x11.c in xonix 1.4 and earlier uses the current working directory to find and execute the rmail program, which allows local users to execute arbitrary code by modifying the path to point to a malicious rmail program.
Vulnerability category: Execute code
Products affected by CVE-2004-0157
- cpe:2.3:a:xonix:xonix:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0157
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~24% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2004-0157
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
References for CVE-2004-0157
- http://www.debian.org/security/2004/dsa-484 (Debian -- The Universal Operating System; Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/10149
- http://securitytracker.com/id?1009789
- http://shellcode.org/Advisories/XONIX.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15873 (xonix fails to drop privileges CVE-2004-0157 Vulnerability Report)