Lucene search

[email protected]CVE-2002-0219

HistoryMay 16, 2002 - 4:00 a.m.

CVE-2002-0219

2002-05-1604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

security

cve-2002-0219

buffer overflow

sastcpd

objspawn

sas/base

sas/integration technologies

arbitrary code execution

8.4 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument.

CPENameOperatorVersion
sas:sas_basesas sas baseeq8.1
sas:sas_integration_technologiessas sas integration technologieseq8.1
sas:sas_basesas sas baseeq8.0
sas:sas_integration_technologiessas sas integration technologieseq8.0

CPE	Name	Operator	Version
sas:sas_base	sas sas base	eq	8.1
sas:sas_integration_technologies	sas sas integration technologies	eq	8.1
sas:sas_base	sas sas base	eq	8.0
sas:sas_integration_technologies	sas sas integration technologies	eq	8.0

References

archives.neohapsis.com/archives/vulnwatch/2002-q1/0032.html

online.securityfocus.com/archive/1/252847

online.securityfocus.com/archive/1/252891

www.iss.net/security_center/static/8017.php

www.sas.com/service/techsup/unotes/SN/004/004201.html

www.securityfocus.com/bid/3979

8.4 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON