Описание
SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user.
Ссылки
- PatchVendor Advisory
- PatchVendor AdvisoryURL Repurposed
- PatchVendor Advisory
- PatchVendor AdvisoryURL Repurposed
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:sco:open_unix:8.0:*:*:*:*:*:*:*
cpe:2.3:o:sco:unixware:7.1.1:*:*:*:*:*:*:*
cpe:2.3:o:sco:unixware:7.1.3:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00089
Низкий
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user.
EPSS
Процентиль: 25%
0.00089
Низкий
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other