| Vulnerability Name: | CVE-2003-1452 (CCN-11877) | ||||||||
| Assigned: | 2003-04-28 | ||||||||
| Published: | 2003-04-28 | ||||||||
| Updated: | 2017-07-29 | ||||||||
| Summary: | Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-16 | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Mon Apr 28 2003 - 09:12:44 CDT Qpopper v4.0.x poppassd local root exploit Source: VULNWATCH Type: Exploit 20030429 [INetCop Security Advisory] Qpopper v4.0.x poppassd local root Source: MITRE Type: CNA CVE-2003-1452 Source: SREASON Type: UNKNOWN 3268 Source: CCN Type: Qualcomm Web site Qpopper Home Page Source: CCN Type: OSVDB ID: 60330 Qpopper PATH Variable Search Path Subversion Arbitrary Code Execution Source: BUGTRAQ Type: Exploit 20030428 Qpopper v4.0.x poppassd local root exploit Source: BID Type: Exploit 7447 Source: CCN Type: BID-7447 Qualcomm Qpopper Poppassd Local Arbitrary Command Execution Vulnerability Source: XF Type: UNKNOWN qpopper-poppassd-root-access(11877) Source: XF Type: UNKNOWN qpopper-poppassd-root-access(11877) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||