CVE-2002-2017

CRITICAL(10.0)

AV:N/AC:L/Au:N/C:C/I:C/A:C

Risk Signal Score26/100 — MITTEL

CVSS 10 — Kritisch

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

Technische Schwere

Beschreibung

sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.

Referenzen

http://online.securityfocus.com/archive/1/253183
http://www.iss.net/security_center/static/8024.php
http://www.securityfocus.com/bid/3994
http://online.securityfocus.com/archive/1/253183
http://www.iss.net/security_center/static/8024.php
http://www.securityfocus.com/bid/3994