PT-2003-1835 · Sco · Sco Internet Manager
Published
2003-09-19
·
Updated
2022-08-17
·
CVE-2003-0742
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
SCO Internet Manager (mana) (affected versions not specified)
Description:
The issue allows local users to execute arbitrary programs. This is achieved by setting the
REMOTE ADDR environment variable to make menu.mana run as if it were called from ncsa httpd, and then modifying the PATH environment variable to point to a malicious hostname program.Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sco Internet Manager