Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1245

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2002-1245
Last Modified 10 Sep 2008 03:14:09
Published 12 Nov 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-1245

Summary

Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program.

Vulnerable Systems

Application

  • Frank Mcingvale Luxman 0.41


References

MISC - http://www.idefense.com/advisory/11.06.02.txt

DEBIAN - DSA-189

BUGTRAQ - 20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan

BID - 6113

XF - luxman-maped-read-memory(10549)


Last Updated: 27 May 2016 10:37:15