CVE-2002-0246

Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint.

Score7.2
Access VectorLOCAL
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactCOMPLETE
Integrity ImpactCOMPLETE
Availability ImpactCOMPLETE
Published2002-05-29 12:00:00.000-04
Last Modified2008-09-10 08:00:47.000-04

Vulnerable Software List

VendorProductVersions
Caldera Unixware 7.1.1

References

SourceLink
CALDERACSSA-2002-SCO.3
BUGTRAQ20020210 Unixware Message catalog exploit code
XFunixware-msg-catalog-format-string(8113)
BID4060