PT-2003-1670 · Intersystems · Caché Database

Published

2003-07-04

Updated

2020-02-10

CVE-2003-0497

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Caché Database versions 5.x

Description: The issue allows local users to gain privileges by modifying cache and executing it via cuxs, due to world-writable permissions on /cachesys/bin/cache.

Recommendations: For Caché Database versions 5.x, change the permissions of /cachesys/bin/cache to prevent world-writable access.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2003-0497

Affected Products

Caché Database

PT-2003-1670 · Intersystems · Caché Database

CVE-2003-0497

Weakness Enumeration

Related Identifiers

Affected Products

References · 4