CVE-2003-0949
Published: 2004-02-03
CVE-2003-0949: xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands.
Priority: P4 · 19 · medium · 4.6 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.41% (33.0th percentile)
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xsok | < xsok 1.02-11 (bookworm) | xsok 1.02-11 (bookworm) |
| debian | xsok | — | — |
| michael_bischoff | xsok | — | — |
| michael_bischoff | xsok | >= 0 < 1.02-11 | 1.02-11 |
| michael_bischoff | xsok | >= 0 < 1.02-11 | 1.02-11 |
| michael_bischoff | xsok | >= 0 < 1.02-11 | 1.02-11 |
| michael_bischoff | xsok | >= 0 < 1.02-11 | 1.02-11 |
CVSS provenance
nvd · v2.0 · 4.6 MEDIUM · AV:L/AC:L/Au:N/C:P/I:P/A:P
osv · 4.6 MEDIUM
vendor_debian · 4.6 LOW
Debian
CVE-2004-0074: xsok - Multiple buffer overflows in xsok 1.02 allow local users to gain privileges via...
vendor_debian·2004·CVSS 4.6
CVE-2004-0074 [MEDIUM] CVE-2004-0074: xsok - Multiple buffer overflows in xsok 1.02 allow local users to gain privileges via...
Multiple buffer overflows in xsok 1.02 allow local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Debian
CVE-2003-0949: xsok - xsok 1.02 does not properly drop privileges before finding and executing the "gu...
vendor_debian·2003·CVSS 4.6
CVE-2003-0949 [MEDIUM] CVE-2003-0949: xsok - xsok 1.02 does not properly drop privileges before finding and executing the "gu...
xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands.
Scope: local
bookworm: resolved (fixed in 1.02-11)
bullseye: resolved (fixed in 1.02-11)
forky: resolved (fixed in 1.02-11)
sid: resolved (fixed in 1.02-11)
trixie: resolved (fixed in 1.02-11)
GHSA
GHSA-g97f-h2hx-qjv4: xsok 1
ghsa_unreviewed·2022-04-29
CVE-2003-0949 [MEDIUM] GHSA-g97f-h2hx-qjv4: xsok 1
xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands.
GHSA
GHSA-jggx-7jmp-p9ff: Multiple buffer overflows in xsok 1
ghsa_unreviewed·2022-04-29·CVSS 4.6
CVE-2004-0074 [MEDIUM] GHSA-jggx-7jmp-p9ff: Multiple buffer overflows in xsok 1
Multiple buffer overflows in xsok 1.02 allow local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949.
OSV
CVE-2003-0949: xsok 1
osv·2004-02-03·CVSS 4.6
CVE-2003-0949 [MEDIUM] CVE-2003-0949: xsok 1
xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2004-02-03