CVE Vulnerabilities

CVE-2004-1263

Published: Jan 10, 2005 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

changepassword.cgi in ChangePassword 0.8, when installed setuid, allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious make program.

Affected Software

Name Vendor Start Version End Version
Changepassword Changepassword 0.1 0.1
Changepassword Changepassword 0.2 0.2
Changepassword Changepassword 0.3 0.3
Changepassword Changepassword 0.4 0.4
Changepassword Changepassword 0.5 0.5
Changepassword Changepassword 0.6 0.6
Changepassword Changepassword 0.6.1 0.6.1
Changepassword Changepassword 0.7 0.7
Changepassword Changepassword 0.8 0.8

References