Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.6
CVE Id: CVE-2003-1287
Last Modified: 05 Sep 2008 04:36:32
Published: 31 Dec 2003 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2003-1287

Summary

Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device.

Vulnerable Systems

Application

  • Sambar Server 5.0

  • Sambar Server 5.1

  • Sambar Server 5.2

  • Sambar Server 5.3

  • Sambar Server 6.0


References

XF - sambar-post-code-execution(16059)

OSVDB - 5781

SECTRACK - 1007819

CONFIRM - http://www.sambar.com/security.htm

IDEFENSE - 20030925 Sambar Server Multiple Vulnerabilities

SECUNIA - 9578

BUGTRAQ - 20040430 SECURITY.NNOV: Sambar security quest


Last Updated: 27 May 2016 10:38:18