CVE-2002-2017

2022-10-0316:23:50

mitre

www.cve.org

cve-2002-2017

sastcpd

sas/base 8.0

local users

execute

arbitrary code

authprog

environment variable

malicious program

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

JSON

sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.

References

online.securityfocus.com/archive/1/253183

www.iss.net/security_center/static/8024.php

www.securityfocus.com/bid/3994