PT-2003-2397 · Qualcomm · Qpopper
Xpl017Elz
·
Published
2003-12-31
·
Updated
2017-07-29
·
CVE-2003-1452
CVSS v2.0
3.6
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Qualcomm qpopper versions 4.0 through 4.05
Description
The issue allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program. This is due to an untrusted search path vulnerability.
Recommendations
For versions 4.0 through 4.05, consider restricting access to the PATH environment variable to prevent modification and minimize the risk of exploitation. As a temporary workaround, avoid using the smbpasswd program until a patch is available.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qpopper