Lucene search

[email protected]CVE-2003-0337

HistoryMay 22, 2003 - 4:00 a.m.

CVE-2003-0337

2003-05-2204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-0337

ckconfig command

lsadmin

load sharing facility

lsf 5.1

nvd

security vulnerability

7.8 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 allows local users to execute arbitrary programs by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSF_SERVERDIR to point to a malicious lim program, which lsadmin then executes.

CPENameOperatorVersion
platform:lsadminplatform lsadmineq5.1

CPE	Name	Operator	Version
platform:lsadmin	platform lsadmin	eq	5.1

References

marc.info/?l=bugtraq&m=105361879109409&w=2

7.8 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON