Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0937


Vulnerability Score 4.6 4.6
CVE Id CVE-2003-0937
Last Modified 10 Sep 2008 03:20:57
Published 15 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE



SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user.

Vulnerable Systems

Operating System

  • Sco Open Unix 8.0

  • Sco Unixware 7.1.1

  • Sco Unixware 7.1.3



SCO - CSSA-2003-SCO.32

BUGTRAQ - 20031112 Insecure handling of procfs descriptors in UnixWare can lead to local privilege escalation.

Last Updated: 27 May 2016 10:38:06