CVE-2003-0704

Name of the Vulnerable Software and Affected Versions: KisMAC version prior to 0.05d

Description: The issue allows local users to gain privileges by exploiting the trust in user-supplied variables when chowning files or directories. This is achieved through the $DRIVER KEXT environment variable in several scripts, including viha driver.sh, macjack load.sh, airojack load.sh, setuid enable.sh, and setuid disable.sh. A similar technique is used for viha prep.sh and viha unprep.sh.

Recommendations: For KisMAC version prior to 0.05d, update to version 0.05d or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable scripts until the update is applied. Avoid using the $DRIVER KEXT environment variable in the affected scripts until the issue is resolved.