Vulnerability Name: | CVE-2002-0987 (CCN-9976) | ||||||||
Assigned: | 2002-08-26 | ||||||||
Published: | 2002-08-26 | ||||||||
Updated: | 2008-09-10 | ||||||||
Summary: | X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges. | ||||||||
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: CALDERA Type: UNKNOWN CSSA-2002-SCO.38 Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2002-SCO.38 Open UNIX 8.0.0 UnixWare 7.1.1 : X server insecure popen and buffer overflow Source: MITRE Type: CNA CVE-2002-0987 Source: XF Type: UNKNOWN openunix-unixware-xsco-privileges(9976) Source: OSVDB Type: UNKNOWN 5044 Source: CCN Type: OSVDB ID: 5044 OpenUNIX Xsco xkbcomp Unspecified Privilege Escalation Source: BID Type: UNKNOWN 5575 Source: CCN Type: BID-5575 Caldera X Server External Program Privileged Invocation Weakness Source: XF Type: UNKNOWN openunix-unixware-xsco-privileges(9976) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Denotes that component is vulnerable | ||||||||
BACK |