Vulnerability Details : CVE-2013-4376
The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to libx2go-server-db-sqlite3-wrapper.pl.
Vulnerability category: Execute code
Products affected by CVE-2013-4376
- cpe:2.3:a:x2go:x2go_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:x2go:x2go_server:4.0.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4376
2.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-4376
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2013-4376
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4376
-
http://code.x2go.org/gitweb?p=x2goserver.git%3Ba=commit%3Bh=42264c88d7885474ebe3763b2991681ddfcfa69a
-
http://www.openwall.com/lists/oss-security/2013/09/25/11
oss-security - Re: CVE request: X2Go server
-
http://security.gentoo.org/glsa/glsa-201310-19.xml
X2Go Server: Arbitrary code execution (GLSA 201310-19) — Gentoo security
-
http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=42264c88d7885474ebe3763b2991681ddfcfa69a
code.x2go.org Git - x2goserver.git/commitPatch
-
https://lists.berlios.de/pipermail/x2go-announcement/2013-May/000125.html
500 Internal Server ErrorVendor Advisory
Jump to