Vulnerabilities > CVE-2004-2372 - Local Security vulnerability in Bochs

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

bochs-project

NVD

Published: 2004-12-31

Updated: 2020-05-19

Summary

Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Bochs_Project Bochs Project Bochs 1.0 Bochs Project Bochs 1.1 Bochs Project Bochs 1.1.1 Bochs Project Bochs 1.1.2 Bochs Project Bochs 1.2 Bochs Project Bochs 1.2.1 Bochs Project Bochs 1.3 Bochs Project Bochs 1.4 Bochs Project Bochs 1.4.1 Bochs Project Bochs 2.0 Bochs Project Bochs 2.0.1 Bochs Project Bochs 2.0.2 Bochs Project Bochs 2.1	24

Summary

Vulnerable Configurations

References