Vulnerability Name: | CVE-2002-0311 (CCN-7977) | ||||||||
Assigned: | 2002-01-20 | ||||||||
Published: | 2002-01-20 | ||||||||
Updated: | 2008-09-11 | ||||||||
Summary: | Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for (1) in scoadminreg.cgi or (2) service_action.cgi. | ||||||||
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: CALDERA Type: UNKNOWN CSSA-2002-SCO.6 Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2002-SCO.6 Open UNIX, UnixWare 7: webtop setuid script vulnerability Source: CCN Type: BugTraq Mailing List, Sun Jan 20 2002 - 17:30:16 CST Unixware 7.1.1 scoadminreg.cgi local exploit Source: MITRE Type: CNA CVE-2002-0311 Source: BUGTRAQ Type: Exploit 20020120 Unixware 7.1.1 scoadminreg.cgi local exploit Source: XF Type: Patch, Vendor Advisory unixware-webtop-execute-commands(7977) Source: CCN Type: OSVDB ID: 9332 Open UNIX/UnixWare webtop scoadminreg.cgi -c Argument Privilege Escalation Source: CCN Type: OSVDB ID: 9333 Open UNIX/UnixWare webtop service_action.cgi -c Argument Privilege Escalation Source: BID Type: UNKNOWN 3936 Source: CCN Type: BID-3936 Caldera UnixWare WebTop SCOAdminReg.CGI Arbitrary Command Execution Vulnerability Source: XF Type: UNKNOWN unixware-webtop-execute-commands(7977) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: ![]() | ||||||||
BACK |