Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0337

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2003-0337
Last Modified 05 Sep 2008 04:34:04
Published 22 May 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0337

Summary

The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 allows local users to execute arbitrary programs by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSF_SERVERDIR to point to a malicious lim program, which lsadmin then executes.

Vulnerable Systems

Application

  • Platform Lsadmin 5.1


References

BUGTRAQ - 20030522 Security advisory: LSF 5.1 local root exploit


Last Updated: 27 May 2016 10:37:52