CVE-2004-0793

UNRATED

Description

The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file.

Affected products

Debian / bsdmainutils6.0 – 6.0
Debian / bsdmainutils6.0.1 – 6.0.1
Debian / bsdmainutils6.0.2 – 6.0.2
Debian / bsdmainutils6.0.3 – 6.0.3
Debian / bsdmainutils6.0.4 – 6.0.4
Debian / bsdmainutils6.0.5 – 6.0.5
Debian / bsdmainutils6.0.6 – 6.0.6
Debian / bsdmainutils6.0.7 – 6.0.7
Debian / bsdmainutils6.0.8 – 6.0.8
Debian / bsdmainutils6.0.9 – 6.0.9
Debian / bsdmainutils6.0.10 – 6.0.10
Debian / bsdmainutils6.0.11 – 6.0.11
Debian / bsdmainutils6.0.12 – 6.0.12
Debian / bsdmainutils6.0.13 – 6.0.13
Debian / bsdmainutils6.0.14 – 6.0.14

References

MISChttp://www.securityfocus.com/bid/11077
MAILING_LISThttp://marc.info/?l=bugtraq&m=109396230317359&w=2
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/17162