Vulnerabilities > CVE-2004-2303 - Unspecified vulnerability in Mtools Mformat
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
Exploit-Db
| description | MTools 3.9.x MFormat Privilege Escalation Vulnerability. CVE-2004-2303 . Local exploit for linux platform |
| id | EDB-ID:23759 |
| last seen | 2016-02-02 |
| modified | 2004-02-25 |
| published | 2004-02-25 |
| reporter | Sebastian Krahmer |
| source | https://www.exploit-db.com/download/23759/ |
| title | MTools 3.9.x - MFormat Privilege Escalation Vulnerability |
Nessus
| NASL family | Mandriva Local Security Checks |
| NASL id | MANDRAKE_MDKSA-2004-016.NASL |
| description | Sebastian Krahmer found that the mformat program, when installed suid root, can create any file with 0666 permissions as root, and that it also does not drop privileges when reading local configuration files. The updated packages remove the suid bit from mformat. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 14116 |
| published | 2004-07-31 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/14116 |
| title | Mandrake Linux Security Advisory : mtools (MDKSA-2004:016) |
References
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:016
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:016
- http://www.securityfocus.com/bid/9746
- http://www.securityfocus.com/bid/9746
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15317
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15317