Vulnerabilities > CVE-2004-2303 - Privilege Escalation vulnerability in MTools MFormat

CVSS 3.6 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

mtools

nessus

exploit available

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.

Vulnerable Configurations

Part	Description	Count
Application	Mtools Mtools Mformat 3.9.1 Mtools Mformat 3.9.2 Mtools Mformat 3.9.3 Mtools Mformat 3.9.4 Mtools Mformat 3.9.5 Mtools Mformat 3.9.6 Mtools Mformat 3.9.7 Mtools Mformat 3.9.8 Mtools Mformat 3.9.9	9

Exploit-Db

description	MTools 3.9.x MFormat Privilege Escalation Vulnerability. CVE-2004-2303 . Local exploit for linux platform
id	EDB-ID:23759
last seen	2016-02-02
modified	2004-02-25
published	2004-02-25
reporter	Sebastian Krahmer
source	https://www.exploit-db.com/download/23759/
title	MTools 3.9.x - MFormat Privilege Escalation Vulnerability

Nessus

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2004-016.NASL
description	Sebastian Krahmer found that the mformat program, when installed suid root, can create any file with 0666 permissions as root, and that it also does not drop privileges when reading local configuration files. The updated packages remove the suid bit from mformat.
last seen	2020-06-01
modified	2020-06-02
plugin id	14116
published	2004-07-31
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14116
title	Mandrake Linux Security Advisory : mtools (MDKSA-2004:016)

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References