CVE-2003-0579

Name of the Vulnerable Software and Affected Versions: IBM U2 UniVerse versions 10.0.0.0 through 10.0.0.9

Description: The issue allows local users to gain privileges by exploiting a trust in the user-supplied -uv.install command line option. This option is used to find and execute the uv.install program. If a user provides a pathname that is under their control, they can potentially exploit this to elevate their privileges.

Recommendations: For IBM U2 UniVerse versions 10.0.0.0 through 10.0.0.9, consider restricting access to the uv.install program to minimize the risk of exploitation. As a temporary workaround, consider disabling the execution of the uv.install program based on user-supplied pathnames until a fix is available.