Vulnerabilities > CVE-2004-0157 - Unspecified vulnerability in Xonix
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
xonix
nessus
Summary
x11.c in xonix 1.4 and earlier uses the current working directory to find and execute the rmail program, which allows local users to execute arbitrary code by modifying the path to point to a malicious rmail program.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
# Listing metadata (as shown on the hosting page):
#   NASL family : FreeBSD Local Security Checks
#   NASL id     : FREEBSD_XONIX_141.NASL
#   description : The remote host is running an older version of Xonix.
#                 Xonix is a game. This version of Xonix calls an external
#                 program while retaining setgid privileges. An attacker,
#                 exploiting this flaw, would need local access. A successful
#                 attack would give the attacker the privileges of the
#                 'games' group.
#   last seen   : 2016-09-26
#   modified    : 2011-10-03
#   plugin id   : 14281
#   published   : 2004-08-17
#   reporter    : Tenable
#   source      : https://www.tenable.com/plugins/index.php?view=single&id=14281
#   title       : FreeBSD Xonix vulnerability
#
# Purpose: package-version check for CVE-2004-0157 on FreeBSD. The plugin is
# deprecated: the unconditional exit() after the description block means the
# version comparison at the bottom never executes, so this plugin reports
# nothing. Its silence is therefore not evidence that a host is unaffected.

# NOTE(review): 999999 is an unusually high minimum level; together with the
# @DEPRECATED@ marker below it looks intended to stop the engine from loading
# the script at all. Confirm against the NASL documentation.
#%NASL_MIN_LEVEL 999999

# @DEPRECATED@
#
# This script has been deprecated as the VuXML entry has been
# cancelled.
#
# Disabled on 2011/10/02.
#

# (C) Tenable Network Security
#
#

# Bail out quietly when the engine does not provide bn_random().
if ( ! defined_func("bn_random") ) exit(0);
include("compat.inc");

# Description phase: register the plugin's metadata, then stop.
if(description)
{
 script_id(14281);
 script_bugtraq_id(10149);
 script_cve_id("CVE-2004-0157");
 script_version ("1.12");
 name["english"] = "FreeBSD Xonix vulnerability";
 script_name(english:name["english"]);
 script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch" );
 script_set_attribute(attribute:"description", value: "The remote host is running an older version of Xonix. Xonix is a game. This version of Xonix calls an external program while retaining setgid privileges. An attacker, exploiting this flaw, would need local access. A successful attack would give the attacker the privileges of the 'games' group." 
);
 # The "solution" is only a pointer to the VuXML entry, which the header
 # above says has been cancelled.
 script_set_attribute(attribute:"solution", value: "http://www.vuxml.org/freebsd/6fd9a1e9-efd3-11d8-9837-000c41e2cdad.html" );
 # CVSS v2 base vector: local access, low complexity, no authentication,
 # partial confidentiality / integrity / availability impact.
 script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
 # CVSS v2 temporal vector: exploitability unproven, official fix available,
 # report confirmed.
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/17");
 script_cvs_date("Date: 2018/07/20 0:18:52");
 script_end_attributes();

 summary["english"] = "FreeBSD Xonix local exploit";
 script_summary(english:summary["english"]);
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 family["english"] = "FreeBSD Local Security Checks";
 script_family(english:family["english"]);
 # The check consumes the package list stored under Host/FreeBSD/pkg_info;
 # presumably ssh_get_info.nasl is what populates it from an authenticated
 # login (verify). Without that key the plugin has no data to work with.
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/FreeBSD/pkg_info");
 exit(0);
}

# Deprecation gate: always exits here, making everything below unreachable.
exit(0, "This plugin has been deprecated as the associated VuXML entry has been cancelled.");

# --- Unreachable legacy check, kept for reference ---------------------------
include("freebsd_package.inc");

pkgs = get_kb_item("Host/FreeBSD/pkg_info");

# Select the package-list line(s) that begin with "xonix-".
package = egrep(pattern:"^xonix-", string:pkgs);
# Warn when the installed package compares below xonix-1.4_1.
# NOTE(review): pkg_cmp() comes from freebsd_package.inc (not shown); a
# negative result presumably means "older than reference" - confirm.
# This is a version-string comparison only: it does not inspect whether the
# installed binary actually carries the setgid bit.
if ( package && pkg_cmp(pkg:package, reference:"xonix-1.4_1") < 0 ) security_warning(0);
# Listing metadata (as shown on the hosting page):
#   NASL family : Debian Local Security Checks
#   NASL id     : DEBIAN_DSA-484.NASL
#   description : Steve Kemp discovered a vulnerability in xonix, a game,
#                 where an external program was invoked while retaining
#                 setgid privileges. A local attacker could exploit this
#                 vulnerability to gain gid 'games'.
#                 (The page text was cut off after "gid"; the ending is taken
#                 from the description attribute in the script below.)
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 15321
#   published   : 2004-09-29
#   reporter    : This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
#   source      : https://www.tenable.com/plugins/nessus/15321
#   title       : Debian DSA-484-1 : xonix - failure to drop privileges
#
# Purpose: local (authenticated) package-version check for DSA-484 /
# CVE-2004-0157. It compares the installed xonix package from the collected
# dpkg listing against the fixed version for Debian 3.0 (woody).

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-484. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

# Description phase: register the plugin's metadata, then stop.
if (description)
{
  script_id(15321);
  script_version("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:18");

  script_cve_id("CVE-2004-0157");
  script_bugtraq_id(10149);
  script_xref(name:"DSA", value:"484");

  script_name(english:"Debian DSA-484-1 : xonix - failure to drop privileges");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." );
  script_set_attribute( attribute:"description", value: "Steve Kemp discovered a vulnerability in xonix, a game, where an external program was invoked while retaining setgid privileges. A local attacker could exploit this vulnerability to gain gid 'games'." );
  script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2004/dsa-484" );
  script_set_attribute( attribute:"solution", value: "For the current stable distribution (woody) this problem will be fixed in version 1.4-19woody1. We recommend that you update your xonix package." 
);
  # CVSS v2 base vector: local access, low complexity, no authentication,
  # partial confidentiality / integrity / availability impact.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  # CVSS v2 temporal vector: exploitability unproven, official fix available,
  # report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xonix");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  # All three knowledge-base keys are prerequisites; they are re-checked
  # below so the plugin can record why it did not run.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


# Precondition checks. audit() comes from audit.inc (not shown); presumably
# it ends the run with the named reason - confirm. A host that stops here
# was not evaluated, which is different from being found unaffected.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
# Only release "3.0" is compared against the fixed version 1.4-19woody1.
# NOTE(review): deb_check() is defined in debian_package.inc (not shown);
# presumably it is true when the installed package is older than the
# reference - confirm. This is a version comparison on the dpkg listing; it
# does not examine the permissions of the installed binary.
if (deb_check(release:"3.0", prefix:"xonix", reference:"1.4-19woody1")) flag++;

if (flag)
{
  # With verbosity enabled, attach the package report to the finding.
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
References
- http://secunia.com/advisories/11382
- http://securitytracker.com/id?1009789
- http://shellcode.org/Advisories/XONIX.txt
- http://www.debian.org/security/2004/dsa-484
- http://www.osvdb.org/5358
- http://www.securityfocus.com/bid/10149
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15873