CVE-2005-0070

medium

Description

Synaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files.

References

http://www.securityfocus.com/bid/12546

http://www.debian.org/security/2005/dsa-681

http://securitytracker.com/id?1013206

http://secunia.com/advisories/14300

Details

Source: Mitre, NVD

Published: 2005-05-02

Updated: 2008-09-05

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium