The CGIwrap program prior to 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow malicious users to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
nathan neulinger cgiwrap 2.0 |
||
nathan neulinger cgiwrap 2.1 |
||
nathan neulinger cgiwrap 2.2 |
||
nathan neulinger cgiwrap 2.3 |
||
nathan neulinger cgiwrap 3.4 |
||
nathan neulinger cgiwrap 3.5 |
||
nathan neulinger cgiwrap 3.6.1 |
||
nathan neulinger cgiwrap 3.6.2 |
||
nathan neulinger cgiwrap 3.0 |
||
nathan neulinger cgiwrap 2.5 |
||
nathan neulinger cgiwrap 2.7 |
||
nathan neulinger cgiwrap 3.23 |
||
nathan neulinger cgiwrap 3.3 |
||
nathan neulinger cgiwrap 3.6.3 |
||
nathan neulinger cgiwrap 3.6.5 |
||
nathan neulinger cgiwrap 3.1 |
||
nathan neulinger cgiwrap 3.11 |
||
nathan neulinger cgiwrap 3.2 |
||
nathan neulinger cgiwrap 3.21 |
||
nathan neulinger cgiwrap 3.7.1 |
||
nathan neulinger cgiwrap 3.7 |
||
nathan neulinger cgiwrap 3.8 |
||
nathan neulinger cgiwrap 1.0 |
||
nathan neulinger cgiwrap 2.4 |
||
nathan neulinger cgiwrap 2.6 |
||
nathan neulinger cgiwrap 3.22 |
||
nathan neulinger cgiwrap 3.24 |
||
nathan neulinger cgiwrap 3.6.4 |
||
nathan neulinger cgiwrap 3.6 |
Vulmon