ID CVE-2003-1452
Summary Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program.
References
Vulnerable Configurations
  • cpe:2.3:a:qualcomm:qpopper:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:qualcomm:qpopper:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qualcomm:qpopper:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:qualcomm:qpopper:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qualcomm:qpopper:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:qualcomm:qpopper:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qualcomm:qpopper:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:qualcomm:qpopper:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:qualcomm:qpopper:4.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:qualcomm:qpopper:4.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:qualcomm:qpopper:4.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:qualcomm:qpopper:4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:qualcomm:qpopper:4.0.5_fc2:*:*:*:*:*:*:*
    cpe:2.3:a:qualcomm:qpopper:4.0.5_fc2:*:*:*:*:*:*:*
  • cpe:2.3:a:qualcomm:qpopper:4.0_b14:*:*:*:*:*:*:*
    cpe:2.3:a:qualcomm:qpopper:4.0_b14:*:*:*:*:*:*:*
CVSS
Base: 3.6 (as of 29-07-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bid 7447
bugtraq 20030428 Qpopper v4.0.x poppassd local root exploit
sreason 3268
vulnwatch 20030429 [INetCop Security Advisory] Qpopper v4.0.x poppassd local root
xf qpopper-poppassd-root-access(11877)
Last major update 29-07-2017 - 01:29
Published 31-12-2003 - 05:00
Last modified 29-07-2017 - 01:29
Back to Top