1. Home
  2. CVE Database
  3. CVE-2003-0337
MEDIUM · 4.6

CVE-2003-0337

The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 allows local users to execute arbitrary programs by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.conf...

Vulnerability Description

The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 allows local users to execute arbitrary programs by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSF_SERVERDIR to point to a malicious lim program, which lsadmin then executes.

CVSS Score

4.6

MEDIUM

AV:L/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
PlatformLsadmin5.1

References

FAQ

What is CVE-2003-0337?

CVE-2003-0337 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 allows local users to execute arbitrary programs by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.conf...

How severe is CVE-2003-0337?

CVE-2003-0337 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2003-0337?

Check the references section above for vendor advisories and patch information. Affected products include: Platform Lsadmin.