CVE-2002-1245 - Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which

CVE-2002-1245

Summary

Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program.

References

Vulnerable Configurations

cpe:2.3:a:frank_mcingvale:luxman:0.41:*:*:*:*:*:*:*
cpe:2.3:a:frank_mcingvale:luxman:0.41:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 18-10-2016 - 02:25)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	6113
bugtraq	20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
debian	DSA-189
misc	http://www.idefense.com/advisory/11.06.02.txt
vulnwatch	20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
xf	luxman-maped-read-memory(10549)

Last major update

18-10-2016 - 02:25

Published

12-11-2002 - 05:00

Last modified

18-10-2016 - 02:25