CVE-2005-3254

The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.alioth.debian.org/pipermail/secure-testing-announce/2005-August/000003.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nathan_neulinger:cgiwrap:2.0::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:2.1::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:2.2::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:2.3::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.4::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.5::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.1::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.2::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.0::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:2.5::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:2.7::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.21::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.8::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:1.0::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.2::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.7.1::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.4::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.1::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.23::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.5::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:2.4::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.6::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.24::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.7::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.22::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.3::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:2.6::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.3::debian_gnu_linux:::::
	cpe:2.3:a:nathan_neulinger:cgiwrap:3.11::debian_gnu_linux:::::

Information

Published : 2005-10-18 14:02

Updated : 2008-09-05 13:53

NVD link : CVE-2005-3254

Mitre link : CVE-2005-3254

JSON object : View

CWE

NVD-CWE-Other

Products Affected

nathan_neulinger

cgiwrap

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lists.alioth.debian.org/pipermail/secure-testing-announce/2005-August/000003.html", "name": "[secure-testing-announce] 20050828 [DTSA-6-1] New cgiwrap packages fix multiple vulnerabilities", "tags": ["Patch", "Vendor Advisory"], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-3254", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-10-18T21:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:2.0:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:2.1:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:2.2:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:2.3:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.4:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.5:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.1:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.2:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.0:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:2.5:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:2.7:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.21:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.8:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:1.0:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.2:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.7.1:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.4:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.1:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.23:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.5:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:2.4:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.6:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.24:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.7:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.22:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.3:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:2.6:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.3:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nathan_neulinger:cgiwrap:3.11:*:debian_gnu_linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:53Z"}

10.0 /10