PT-2003-1958 · Sco · Open Unix+1

Christer Oberg +1 · Published 2003-11-18 · Updated 2024-02-14 · CVE-2003-0937

CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
SCO UnixWare versions 7.1.1, 7.1.3
Open UNIX version 8.0.0

Description
The issue allows local users to bypass protections for the address space file for a process ID by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program. This leaves the descriptor open to the user, potentially leading to unauthorized access.

Recommendations
For SCO UnixWare versions 7.1.1 and 7.1.3, consider restricting access to setuid and setgid programs to minimize the risk of exploitation. For Open UNIX version 8.0.0, restrict access to the procfs file descriptor to prevent unauthorized users from obtaining it. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related identifiers

CVE-2003-0937

Affected products

Open Unix
Sco Unixware