CVE-2004-0395

{"id": "CVE-2004-0395", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-12-06T05:00:00.000", "references": [{"url": "http://www.debian.org/security/2004/dsa-509", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/10437", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16273", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call."}, {"lang": "es", "value": "El programa xatitv del paquete gatos no se quita adecuadamento privilegios de root cuando el fichero de configuraci\u00f3n no existe, lo que permite a usuarios locales ejecutar comandos de su elecci\u00f3n mediante metacaract\u00e9res de shell en una llamada al sistema."}], "lastModified": "2017-07-11T01:30:07.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gatos:gatos:.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A029E5F6-3365-4694-8789-C9C368FCA286"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}