CVE-2004-0395
Description
The xatitv program from the gatos package fails to drop root privileges when its config file is missing, allowing local users to execute arbitrary commands via shell metacharacters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist. This allows the use of shell metacharacters in a system call, enabling local privilege escalation. Affected versions include those in Debian GNU/Linux 3.0 (woody) and possibly other distributions [1].
Exploitation
A local user can trigger this vulnerability by ensuring the configuration file is absent and then invoking xatitv with crafted input containing shell metacharacters (e.g., backticks or semicolons). The program, running with elevated privileges, will execute the injected commands [1].
Impact
Successful exploitation allows a local attacker to execute arbitrary commands with root privileges, leading to complete compromise of the system's confidentiality, integrity, and availability [1].
Mitigation
The fixed version for Debian 3.0 (woody) is gatos_0.0.20030710-6woody1, released on 2004-05-25 [1]. Users should upgrade the gatos package or apply the vendor-provided patch. No workarounds are documented [1].
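The defect described above is a setuid-root helper that keeps its privileges on an error path and then hands user-influenced text to a shell. As an added illustration, not code from gatos, xatitv or the Debian advisory, the following C program shows the pattern such a helper should follow instead: drop privileges permanently and verify the drop before doing anything else, refuse arguments containing shell metacharacters, and launch external programs through fork/execvp so no shell ever parses the argument. The function names (drop_privileges, has_shell_metachars, run_without_shell) and the usage in main are this example's own assumptions.

```c
/* Added example (not gatos/xatitv code): privilege handling a setuid-root
 * helper should perform before running any external program.
 * _DEFAULT_SOURCE exposes setgroups() on glibc. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently drop to the real (invoking) user and group.
 * Returns 0 on success, -1 on any failure. A caller must treat -1 as
 * fatal: carrying on as root after a failed drop is the CVE's defect. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Supplementary groups can only be cleared while still root. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Group first: once the uid is dropped, setgid() would fail. */
    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;
    /* Verify the drop is irreversible (meaningful only when the invoker
     * is not root: regaining uid 0 must now be impossible). */
    if (ruid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return (getuid() == ruid && geteuid() == ruid &&
            getgid() == rgid && getegid() == rgid) ? 0 : -1;
}

/* Characters a POSIX shell treats specially. A string containing any of
 * them must never be spliced into a system() command line. Returns 1 if
 * one is present, 0 otherwise. */
int has_shell_metachars(const char *s)
{
    return strpbrk(s, ";|&$`<>()'\"\\ \t\n*?[]{}~!#") != NULL;
}

/* Run argv[0] with its arguments via fork/execvp, so each argument reaches
 * the child as one argv element and no shell interprets it.
 * Returns the child's exit status (127 if exec failed), or -1 on error. */
int run_without_shell(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127); /* exec failed; never fall back to a shell */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    /* Hypothetical usage: a setuid helper that runs a user-named program.
     * Privileges are dropped unconditionally, before any config file is
     * consulted, so a missing file cannot leave the process as root. */
    if (drop_privileges() != 0) {
        fprintf(stderr, "cannot drop privileges; refusing to continue\n");
        return 1;
    }
    char *child[] = { "true", NULL };
    if (argc > 1) {
        if (has_shell_metachars(argv[1])) {
            fprintf(stderr, "rejecting argument with shell metacharacters\n");
            return 1;
        }
        child[0] = argv[1];
    }
    return run_without_shell(child);
}
```

The order of operations is the point: drop_privileges() runs first and its failure aborts the program, whereas the vulnerable pattern only dropped privileges on the successful path. The metacharacter check is defence in depth; with execvp the argument is never shell-parsed, so a rejected string would at worst be passed verbatim to the child.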
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (3)
- www.debian.org/security/2004/dsa-509 (nvd: Patch, Vendor Advisory)
- www.securityfocus.com/bid/10437 (nvd: Patch, Vendor Advisory)
- exchange.xforce.ibmcloud.com/vulnerabilities/16273 (nvd)
News mentions (0)
No linked articles in our index yet.