PT-2000-1981 · Apple · Ical

Published: 2000-12-11 · Updated: 2017-10-10 · CVE-2000-1073

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

iCal version 2.1 Patch 2

Description

A local user can gain root privileges. The csstart program in iCal searches for the cshttpd program in the current working directory, so a local user can create a Trojan horse cshttpd program in a directory and then call csstart from that directory.

Recommendations

For iCal version 2.1 Patch 2, consider restricting access to the csstart program to prevent unauthorized execution from arbitrary directories until a patch is available. As a temporary workaround, avoid running csstart from untrusted directories to minimize the risk of exploitation.
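
The root cause in the description, a privileged launcher that locates its helper relative to the caller's working directory, is avoided by resolving the helper from a fixed absolute directory and vetting the file before it is executed. The C code below is an added example, not iCal or vendor code; the install path `/opt/ical-example/bin` and the function `resolve_helper` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical install directory; the advisory does not give the real one. */
#define HELPER_DIR "/opt/ical-example/bin"

/* Build an absolute path for a helper and vet it before a privileged exec.
 * Returns 0 and fills `out` on success, -1 if the helper must not be run. */
int resolve_helper(const char *dir, const char *name, uid_t owner,
                   char *out, size_t outlen)
{
    struct stat st;
    int n;

    if (dir == NULL || dir[0] != '/')          /* never relative to the cwd */
        return -1;
    if (name == NULL || name[0] == '\0' || strchr(name, '/') != NULL)
        return -1;                             /* bare file name only */
    n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen)          /* path would be truncated */
        return -1;
    if (lstat(out, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;                             /* missing, symlink, not a file */
    if (st.st_uid != owner)                    /* owned by an unexpected user */
        return -1;
    if (st.st_mode & (S_IWGRP | S_IWOTH))      /* replaceable by other users */
        return -1;
    return 0;
}

int main(void)
{
    char path[4096];

    /* Owner 0: the helper runs with root privileges, so it must be root-owned. */
    if (resolve_helper(HELPER_DIR, "cshttpd", 0, path, sizeof path) != 0) {
        fprintf(stderr, "refusing to start: no trusted cshttpd in %s\n", HELPER_DIR);
        return 1;
    }
    printf("would execv(%s) with a fixed argv and environment\n", path);
    return 0;
}
```

The check does not cover the permissions of the parent directories or the window between `lstat` and the exec; opening the file once and executing that descriptor with `fexecve` closes the latter.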


Related Identifiers

CVE-2000-1073

Affected Products

Ical