CVE-2003-0742

3 documents3 sources
Severity
7.2HIGH
EPSS
0.1%
top 76.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SCO Openserver
Timeline
PublishedOct 6
Latest updateApr 29

Description

SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDsco/openserver5.0.5, 5.0.6, 5.0.7+2

🔴Vulnerability Details

2
GHSA
GHSA-rfqr-p8c5-vm4j: SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu2022-04-29
CVEList
CVE-2003-0742: SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu2003-09-19
CVE-2003-0742 (HIGH CVSS 7.2) | SCO Internet Manager (mana) allows | cvebase.io