Vulnerability Details CVE-2004-2303
MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.8%
CVSS Severity
CVSS v2 Score 3.6
References
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:016
- http://www.securityfocus.com/bid/9746
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15317
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:016
- http://www.securityfocus.com/bid/9746
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15317
Products affected by CVE-2004-2303
-
cpe:2.3:a:mtools:mformat:3.9.1
-
cpe:2.3:a:mtools:mformat:3.9.2
-
cpe:2.3:a:mtools:mformat:3.9.3
-
cpe:2.3:a:mtools:mformat:3.9.4
-
cpe:2.3:a:mtools:mformat:3.9.5
-
cpe:2.3:a:mtools:mformat:3.9.6
-
cpe:2.3:a:mtools:mformat:3.9.7
-
cpe:2.3:a:mtools:mformat:3.9.8
-
cpe:2.3:a:mtools:mformat:3.9.9