CVE Vulnerabilities

CVE-2002-1871

Published: Dec 31, 2002 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a ? (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.

Affected Software

Name Vendor Start Version End Version
Sunos Sun 5.7 5.7
Sunos Sun 5.8 5.8
Sunos Sun 5.5.1 5.5.1
Solaris Sun 2.6 2.6

References