rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:46
Type | Values Removed | Values Added |
---|---|---|
References | () http://securityreason.com/securityalert/3236 - | |
References | () http://www.securityfocus.com/advisories/4960 - | |
References | () http://www.securityfocus.com/archive/1/324381 - | |
References | () http://www.securityfocus.com/bid/6837 - Exploit | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/11312 - |
Information
Published : 2003-12-31 05:00
Updated : 2024-11-20 23:46
NVD link : CVE-2003-1358
Mitre link : CVE-2003-1358
CVE.ORG link : CVE-2003-1358
JSON object : View
Products Affected
hp
- hp-ux
CWE
CWE-264
Permissions, Privileges, and Access Controls