Vulnerability Details CVE-2002-0469
Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTA's, which could allow local users to gain privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.4%
CVSS Severity
CVSS v2 Score 7.2
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0063.html
- http://www.iss.net/security_center/static/8444.php
- http://www.securityfocus.com/archive/1/261209
- http://www.securityfocus.com/bid/4277
- http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0063.html
- http://www.iss.net/security_center/static/8444.php
- http://www.securityfocus.com/archive/1/261209
- http://www.securityfocus.com/bid/4277
Products affected by CVE-2002-0469
-
cpe:2.3:a:ecartis:ecartis:1.0.0_snapshot_2002-01-21
-
cpe:2.3:a:ecartis:ecartis:1.0.0_snapshot_2002-01-25
-
cpe:2.3:a:listar:listar:0.126a
-
cpe:2.3:a:listar:listar:0.127a
-
cpe:2.3:a:listar:listar:0.129a