CVE-2002-0246
Caldera UnixWare 7.1.1 - Message Catalog Environment Variable Format String
Severity Score
7.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint.
Vulnerabilidad en la cadena formateada en las funciones de librería del catálogo de mensajes en UnixWare 7.1.1 permite que usuarios locales obtengan privilegios modificando la variable de entorno LC_MESSAGE para que lea otros catálogos de mensajes que contiene cadenas formateadas por programas con el setuid (como, por ejemplo, vxprint).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2002-02-07 First Exploit
- 2002-05-01 CVE Reserved
- 2002-05-29 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/4060 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/21284 | 2002-02-07 | |
| http://online.securityfocus.com/archive/1/255414 | 2024-08-08 |
| URL | Date | SRC |
|---|---|---|
| ftp://stage.caldera.com/pub/security/unixware/CSSA-2002-SCO.3/CSSA-2002-SCO.3.txt | 2008-09-11 | |
| http://www.iss.net/security_center/static/8113.php | 2008-09-11 |
| URL | Date | SRC |
|---|