Vulnerability Name: | CVE-2003-0742 (CCN-13198) | ||||||||
Assigned: | 2003-09-15 | ||||||||
Published: | 2003-09-15 | ||||||||
Updated: | 2022-08-17 | ||||||||
Summary: | SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program. | ||||||||
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: CCN Type: SCO Security Advisory CSSA-2003-SCO.19 OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : SCO Internet Manager - local users can gain root level privileges. Source: MITRE Type: CNA CVE-2003-0742 Source: CCN Type: SA9734 SCO OpenServer Internet Manager Privilege Escalation Source: CCN Type: OSVDB ID: 7631 SCO Internet Manager REMOTE_ADDR Variable Arbitrary Program Execution Source: CCN Type: BID-8616 SCO OpenServer mana REMOTE_ADDR Authentication Bypass Vulnerability Source: CCN Type: BID-8618 SCO OpenServer mana PATH_INFO Privilege Escalation Vulnerability Source: XF Type: UNKNOWN openserver-mana-gain-privileges(13198) Source: MISC Type: UNKNOWN https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0742 | ||||||||
Vulnerable Configuration: | Configuration 1:![]() | ||||||||
BACK |