2 matches found
CVE-2002-2018
CVE-2002-2018 affects SAS/Base 8.0. The affected component is sastcpd; a local user can set the NETENCRALG environment variable, which causes a segmentation fault and may grant privileges. Exploit details and remediation/patch information are not provided in the connected documents.
CVE-2002-2017
The CVE-2002-2017 issue affects SAS/Base 8.0 where local users can cause arbitrary code execution by abusing sastcpd’s authprog environment variable to reference a malicious program, which is then executed by sastcpd. The root cause is the use of an environment variable (authprog) that dictates w...