Lucene search

[email protected]CVE-2003-0937

HistoryDec 15, 2003 - 5:00 a.m.

CVE-2003-0937

2003-12-1505:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2003

0937

sco

unixware

open unix

local

bypass

security

vulnerability

nvd

6.6 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the “as” address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user.

CPENameOperatorVersion
sco:unixwaresco unixwareeq7.1.3
sco:unixwaresco unixwareeq7.1.1
sco:open_unixsco open unixeq8.0

CPE	Name	Operator	Version
sco:unixware	sco unixware	eq	7.1.3
sco:unixware	sco unixware	eq	7.1.1
sco:open_unix	sco open unix	eq	8.0

References

ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.32/CSSA-2003-SCO.32.txt

marc.info/?l=bugtraq&m=106865297403687&w=2

www.texonet.com/advisories/TEXONET-20031024.txt

6.6 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2003-0937

securityvulns1