ID CVE-2003-0834
Summary Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME.
References
Vulnerable Configurations
  • cpe:2.3:o:sco:open_unix:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:sco:open_unix:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:sco:unixware:7.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:sco:unixware:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:sco:unixware:7.1.3:*:*:*:*:*:*:*
    cpe:2.3:o:sco:unixware:7.1.3:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2005-06-29T06:49:00.000-04:00
class vulnerability
contributors
  • name Brian Soby
    organization The MITRE Corporation
  • name Christine Walzer
    organization The MITRE Corporation
description Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME.
family unix
id oval:org.mitre.oval:def:5141
status accepted
submitted 2005-01-19T12:00:00.000-04:00
title CDE libDtHelp Buffer Overflow
version 32
refmap via4
bid 8973
cert-vn VU#575804
hp HPSBUX0311-297
idefense 20040825 CDE libDtHelp LOGNAME Buffer Overflow Vulnerability
sco CSSA-2003-SCO.31
sgi 20040801-01-P
sunalert 57414
Last major update 03-05-2018 - 01:29
Published 01-12-2003 - 05:00
Back to Top