Vulnerability Details : CVE-2004-2611
The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and (3) sticky bits when changing a file, which might allow attackers to gain privileges or conduct other unauthorized activities.
Products affected by CVE-2004-2611
- cpe:2.3:a:steven_schaefer:sophster:0.9.6_r2:*:*:*:*:*:*:*
- cpe:2.3:a:steven_schaefer:sophster:0.9.6_r3:*:*:*:*:*:*:*
- cpe:2.3:a:steven_schaefer:sophster:0.9.5_r8:*:*:*:*:*:*:*
- cpe:2.3:a:steven_schaefer:sophster:0.9.6_r1:*:*:*:*:*:*:*
- cpe:2.3:a:steven_schaefer:sophster:0.9.5_r10:*:*:*:*:*:*:*
- cpe:2.3:a:steven_schaefer:sophster:0.9.5_r12:*:*:*:*:*:*:*
- cpe:2.3:a:steven_schaefer:sophster:0.9.5_r15:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-2611
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 23 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-2611
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
References for CVE-2004-2611
Jump to