Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0469

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2002-0469
Last Modified 05 Sep 2008 04:28:06
Published 12 Aug 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0469

Summary

Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTA's, which could allow local users to gain privileges.

Vulnerable Systems

Application

  • Ecartis 1.0.0 Snapshot 2002-01-21

  • Ecartis 1.0.0 Snapshot 2002-01-25

  • Listar 0.126a

  • Listar 0.127a

  • Listar 0.129a


References

BID - 4277

BUGTRAQ - 20020310 Ecartis/Listar multiple vulnerabilities

XF - ecartis-root-privileges(8444)

VULNWATCH - 20020311 [VulnWatch] Ecartis/Listar multiple vulnerabilities


Last Updated: 27 May 2016 10:36:55