Vulnerabilities > CVE-2003-0937 - Unspecified vulnerability in SCO Open Unix and Unixware

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

sco

NVD

Published: 2003-12-15

Updated: 2024-02-14

Summary

SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user.

Vulnerable Configurations

Part	Description	Count
OS	Sco SCO Unixware 7.1.3 SCO Unixware 7.1.1 SCO Open Unix 8.0	3

References

http://www.texonet.com/advisories/TEXONET-20031024.txt
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.32/CSSA-2003-SCO.32.txt
http://marc.info/?l=bugtraq&m=106865297403687&w=2