Vulnerabilities > CVE-2002-2017 - Local Root Code Execution vulnerability in SAS SASTCPD

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

sas

critical

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.

Vulnerable Configurations

Part	Description	Count
Application	Sas SAS Base 8.0 SAS Integration Technologies 8.0	2

References

http://online.securityfocus.com/archive/1/253183
http://www.iss.net/security_center/static/8024.php
http://www.securityfocus.com/bid/3994