SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   GATOS Vendors:   gatos.sourceforge.net
GATOS xatitv Privileged System() Call May Let Local Users Gain Root Privileges
SecurityTracker Alert ID:  1010336
SecurityTracker URL:  http://securitytracker.com/id/1010336
CVE Reference:   CVE-2004-0395   (Links to External Site)
Date:  May 30 2004
Impact:   Execution of arbitrary code via local system, Root access via local system

Version(s): 0.0.5, possibly other versions
Description:   A vulnerability was reported in GATOS in 'xatitv.cpp'. A local user may be able to gain root privileges in certain cases.

Debian reported that the software does not properly filter user-supplied environment variables. According to the report, xatitv is installed with set user id (setuid) root privileges and if the configuration file is missing, the application will launch the configuration program via a system() call based on the user-supplied information before dropping root privileges. As a result, a local user may be able to gain root privileges if the configuration file is missing.

Steve Kemp is credited with discovering this flaw.

Impact:   If the configuration file is missing, a local user may be able to gain root privileges.
Solution:   No solution was available at the time of this entry.
Vendor URL:  gatos.sourceforge.net/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
May 30 2004 (Debian Issues Fix) GATOS xatitv Privileged System() Call May Let Local Users Gain Root Privileges
Debian has released a fix.



 Source Message Contents

Subject:  CVE: CVE-2004-0395


CVE: CAN-2004-0395

A vulnerability was reported in the 'xatitv' component of gatos.

According to the report, xatitv is installed with set user id (setuid) root privileges.

The software reportedly does not properly filter user-supplied environment variables.  If 
the configuration file is missing, the application will launch the configuration program 
via a system() call based on the user-supplied information before dropping root 
privileges.  As a result, a local user may be able to gain root privileges if the 
configuration file is missing.

Steve Kemp is credited with discovering this flaw.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC