PT-2002-1316 · Unixware · Unixware

Published: 2002-05-29 · Updated: 2008-09-11 · CVE-2002-0246

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: UnixWare version 7.1.1

Description: A format string issue exists in the message catalog library functions of UnixWare, allowing local users to elevate privileges. This is achieved by modifying the LC_MESSAGE environment variable to access other message catalogs that contain format strings from setuid programs, such as vxprint.

Recommendations: For UnixWare version 7.1.1, as a temporary workaround, consider restricting access to setuid programs like vxprint until a patch is available. Additionally, avoid modifying the LC_MESSAGE environment variable to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related identifiers

CVE-2002-0246

Affected products

Unixware