PT-2002-1993 · Sco+1 · Xsco+3

Published

2002-09-24

Updated

2008-09-10

CVE-2002-0987

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: OpenUNIX version 8.0.0 UnixWare version 7.1.1

Description: The issue concerns the X server (Xsco) in the specified operating systems, which fails to drop privileges before executing certain programs, such as xkbcomp, using the popen function. This could potentially allow local users to gain elevated privileges.

Recommendations: For OpenUNIX version 8.0.0, consider restricting access to the xkbcomp program until a proper fix is applied. For UnixWare version 7.1.1, restrict the use of the popen function in the X server (Xsco) to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0987

Affected Products

Open Unix

Unixware

Xsco

Xkbcomp

PT-2002-1993 · Sco+1 · Xsco+3

CVE-2002-0987

Related Identifiers

Affected Products

References · 6