CVE-2003-0703

Name of the Vulnerable Software and Affected Versions: KisMAC versions prior to 0.05d

Description: The issue allows local users to gain privileges by exploiting the trust in user-supplied variables to load arbitrary kernels or kernel modules. This can be achieved via the $DRIVER KEXT environment variable in scripts such as viha driver.sh, macjack load.sh, or airojack load.sh, or through similar techniques using exchangeKernel.sh.

Recommendations: For KisMAC versions prior to 0.05d, update to version 0.05d or later to resolve the issue. As a temporary workaround, consider restricting the use of the $DRIVER KEXT environment variable and limiting the execution of scripts like viha driver.sh, macjack load.sh, airojack load.sh, and exchangeKernel.sh to minimize the risk of exploitation.