CVE-2002-1871

2022-10-0316:23:48

mitre

www.cve.org

cve-2002-1871

sun solaris

pkgadd

vulnerability

setuid

setgid

privilege escalation

6.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a “?” (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.

References

sunsolve.sun.com/search/document.do?assetkey=1-26-45693-1

www.iss.net/security_center/static/9544.php

www.securityfocus.com/bid/5208