Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 3.3
CVE Id: CVE-2003-1426
Last Modified: 05 Sep 2008 04:36:54
Published: 31 Dec 2003 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2003-1426

Summary

Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.

Vulnerable Systems

Application

  • Cpanel 5.0


References

XF - cpanel-scriptfilename-gain-privileges(11357)

BID - 6885

VULNWATCH - 20030218 Cpanel 5 and below remote command execution and local root vulnerabilities


Last Updated: 27 May 2016 10:38:21