Vulnerability Details : CVE-2004-0395
The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call.
Products affected by CVE-2004-0395
- cpe:2.3:a:gatos:gatos:.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0395
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0395
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
References for CVE-2004-0395
-
http://www.debian.org/security/2004/dsa-509
Debian -- The Universal Operating SystemPatch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/16273
GATOS xatitv program allows elevated privileges CVE-2004-0395 Vulnerability Report
-
http://www.securityfocus.com/bid/10437
Patch;Vendor Advisory
Jump to