Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0246

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2002-0246
Last Modified 10 Sep 2008 08:00:47
Published 29 May 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0246

Summary

Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint.

Vulnerable Systems

Application

  • Caldera Unixware 7.1.1


References

XF - unixware-msg-catalog-format-string(8113)

CALDERA - CSSA-2002-SCO.3

BUGTRAQ - 20020210 Unixware Message catalog exploit code

BID - 4060


Last Updated: 27 May 2016 10:36:50