ChangePassword CVE-2004-1263 Denial-Of-Service Vulnerability

ChangePassword CVE-2004-1263 Denial-Of-Service Vulnerability

ChangePassword is prone to a denial-of-service vulnerability in 'changepassword.cgi' because, when installed setuid, allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious "make" program.