Vulnerabilities > CVE-2003-0449 - Unspecified vulnerability in Progress Database 9.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
progress
exploit available
NVD
Published: 2003-08-07
Updated: 2024-11-20

Summary

Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent.

Vulnerable Configurations

Part Description Count
Application
Progress
1

Exploit-Db

descriptionProgress Database 9.1 Environment Variable Local Privilege Escalation Vulnerability. CVE-2003-0449. Local exploit for linux platform
idEDB-ID:22773
last seen2016-02-02
modified2003-06-14
published2003-06-14
reporterkf
sourcehttps://www.exploit-db.com/download/22773/
titleProgress Database 9.1 - Environment Variable Local Privilege Escalation Vulnerability

References