CVE-2003-0937

3 documents3 sources
Severity
4.6MEDIUM
EPSS
0.1%
top 74.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SCO Open UnixSCO Unixware
Timeline
PublishedDec 15
Latest updateMay 3

Description

SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

NVDsco/open_unix8.0
NVDsco/unixware7.1.1, 7.1.3+1

Patches

Patch: ftp.sco.comPatch: www.texonet.comPatch: ftp.sco.com

🔴Vulnerability Details

2
GHSA
GHSA-hcmv-4364-jhrx: SCO UnixWare 72022-05-03
CVEList
CVE-2003-0937: SCO UnixWare 72003-11-18
CVE-2003-0937 (MEDIUM CVSS 4.6) | SCO UnixWare 7.1.1 | cvebase.io