CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2003-0937

SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.8%

CVSS Severity

CVSS v2 Score 4.6

References

ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.32/CSSA-2003-SCO.32.txt
http://marc.info/?l=bugtraq&m=106865297403687&w=2
http://www.texonet.com/advisories/TEXONET-20031024.txt
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.32/CSSA-2003-SCO.32.txt
http://marc.info/?l=bugtraq&m=106865297403687&w=2
http://www.texonet.com/advisories/TEXONET-20031024.txt

Products affected by CVE-2003-0937

Sco » Open Unix » Version: 8.0

cpe:2.3:o:sco:open_unix:8.0
Sco » Unixware » Version: 7.1.1

cpe:2.3:o:sco:unixware:7.1.1
Sco » Unixware » Version: 7.1.3

cpe:2.3:o:sco:unixware:7.1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2003-0937

Products

Pricing

Contact Us