CVE-2002-2018

sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault...

CVE-2002-2017

sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd...

CVE-2002-2018

CVE-2002-2018 affects SAS/Base 8.0. The affected component is sastcpd; a local user can set the NETENCRALG environment variable, which causes a segmentation fault and may grant privileges. Exploit details and remediation/patch information are not provided in the connected documents.

CVE-2002-2017

The CVE-2002-2017 issue affects SAS/Base 8.0 where local users can cause arbitrary code execution by abusing sastcpd’s authprog environment variable to reference a malicious program, which is then executed by sastcpd. The root cause is the use of an environment variable (authprog) that dictates w...

CVE-2002-0218

CVE-2002-0218 describes a format-string vulnerability in SAS software (SAS/Base 8.0/8.1: sastcpd; SAS/Integration Technologies 8.0/8.1: objspawn) that allows a local user to trigger arbitrary code execution via format specifiers supplied in a command-line argument. The root cause is a format-stri...

CVE-2002-0219

CVE-2002-0219 affects SAS products: SAS/Base 8.0/8.1 (sastcpd) and SAS/Integration Technologies 8.0/8.1 (objspawn). The root cause is a buffer overflow triggered by a large command line argument, allowing a local user to execute arbitrary code. Impact is reported as local code execution with full...

sastcpd Buffer Overflow and Format String Vulnerabilities

---------------------------------------------------------- sastcpd Buffer Overflow and Format String Vulnerabilities Ministry-of-Peace - www.ministryofpeace.co.uk ---------------------------------------------------------- SYNOPSIS "SAS software provides the foundation, tools, and solutions for da...