CVE-2005-3254

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-3254
The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.alioth.debian.org/pipermail/secure-testing-announce/2005-August/000003.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nathan_neulinger:cgiwrap:1.0:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:2.0:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:2.1:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:2.2:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:2.3:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:2.4:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:2.5:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:2.6:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:2.7:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.0:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.1:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.2:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.3:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.4:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.5:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.6:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.1:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.2:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.3:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.4:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.5:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.7:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.7.1:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.8:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.11:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.21:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.22:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.23:*:debian_gnu_linux:*:*:*:*:*
cpe:2.3:a:nathan_neulinger:cgiwrap:3.24:*:debian_gnu_linux:*:*:*:*:*
History

No history.

Information

Published : 2005-10-18 21:02

Updated : 2024-02-04 16:52

NVD link : CVE-2005-3254

Mitre link : CVE-2005-3254

CVE.ORG link : CVE-2005-3254

JSON object : View

Products Affected

nathan_neulinger

  • cgiwrap
CWE
NVD-CWE-Other