CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2004-2133

Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.9%

CVSS Severity

CVSS v2 Score 4.6

References

http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0025.html
http://marc.info/?l=bugtraq&m=107539776002450&w=2
http://www.securityfocus.com/bid/9523
https://exchange.xforce.ibmcloud.com/vulnerabilities/14994
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0025.html
http://marc.info/?l=bugtraq&m=107539776002450&w=2
http://www.securityfocus.com/bid/9523
https://exchange.xforce.ibmcloud.com/vulnerabilities/14994

Products affected by CVE-2004-2133

Cvsup » Cvsup » Version: cvsup-16.1h-2.i386.rpm

cpe:2.3:a:cvsup:cvsup:cvsup-16.1h-2.i386.rpm
Cvsup » Cvsup » Version: cvsup-16.1h-36.i586.rpm

cpe:2.3:a:cvsup:cvsup:cvsup-16.1h-36.i586.rpm
Cvsup » Cvsup » Version: cvsup-16.1h-43.i586.rpm

cpe:2.3:a:cvsup:cvsup:cvsup-16.1h-43.i586.rpm

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2004-2133

Products

Pricing

Contact Us