Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0742

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2003-0742
Last Modified 10 Sep 2008 03:20:20
Published 06 Oct 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0742

Summary

SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program.

Vulnerable Systems

Operating System

  • Sco Openserver 5.0.5

  • Sco Openserver 5.0.6

  • Sco Openserver 5.0.7



Last Updated: 27 May 2016 10:38:02