4.6

CVE-2004-2133

Exploit

EPSS 0.08%
Published 29.01.2004 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages.

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Cvsup ≫ Cvsup Versioncvsup-16.1h-2.i386.rpm

Cvsup ≫ Cvsup Versioncvsup-16.1h-36.i586.rpm

Cvsup ≫ Cvsup Versioncvsup-16.1h-43.i586.rpm

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.202

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0025.html

Vendor Advisory

Exploit

http://marc.info/?l=bugtraq&m=107539776002450&w=2

http://www.securityfocus.com/bid/9523

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/14994

https://nvd.nist.gov/vuln/detail/CVE-2004-2133

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-2133

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-2133

EUVD