1. Home
  2. CVE Database
  3. CVE-2003-0742
HIGH · 7.2

CVE-2003-0742

SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modify...

Vulnerability Description

SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
ScoOpenserver5.0.5

References

FAQ

What is CVE-2003-0742?

CVE-2003-0742 is a vulnerability with a CVSS score of 7.2 (HIGH). SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modify...

How severe is CVE-2003-0742?

CVE-2003-0742 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2003-0742?

Check the references section above for vendor advisories and patch information. Affected products include: Sco Openserver.