Vulnerabilities > CVE-2003-1452 - Configuration vulnerability in Qualcomm Qpopper

CVSS 3.6 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

qualcomm

CWE-16

exploit available

NVD

Published: 2003-12-31

Updated: 2017-07-29

Summary

Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program.

Vulnerable Configurations

Part	Description	Count
Application	Qualcomm Qualcomm Qpopper 4.0 Qualcomm Qpopper 4.0.1 Qualcomm Qpopper 4.0.2 Qualcomm Qpopper 4.0.3 Qualcomm Qpopper 4.0.4 Qualcomm Qpopper 4.0.5 Qualcomm Qpopper 4.0.5_Fc2 Qualcomm Qpopper 4.0_B14	8

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

Exploit-Db

description	Qpopper 4.0.x poppassd Local Root Exploit. CVE-2003-1452. Local exploit for linux platform
id	EDB-ID:21
last seen	2016-01-31
modified	2003-04-29
published	2003-04-29
reporter	Xpl017Elz
source	https://www.exploit-db.com/download/21/
title	Qpopper 4.0.x - poppassd Local Root Exploit

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References