4.6
CVE-2003-0449
- EPSS 1.49%
- Veröffentlicht 07.08.2003 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:02:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.49% | 0.707 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
http://marc.info/?l=bugtraq&m=105561134624665&w=2
http://marc.info/?l=bugtraq&m=105561189625082&w=2
http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt
http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt