Vulnerability Description
S-PLUS 6.0 allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink attack on (1) /tmp/__F8499 by Sqpe, (2) /tmp/PRINT.$$.out by PRINT, (3) /tmp/SUBST$PID.TXT and /tmp/ed.cmds$PID by mustfix.hlinks, (4) /tmp/file.1 and /tmp/file.2 by sas_get, (5) /tmp/file.1 by sas_vars, and (6) /tmp/sgml2html$$tmp /tmp/sgml2html$$tmp1 /tmp/sgml2html$$tmp2 by sglm2html.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Insightful | S-Plus | 6.0 |
References
- http://secunia.com/advisories/7833
- http://www.iss.net/security_center/static/11005.php
- http://www.securityfocus.com/archive/1/305342Vendor Advisory
- http://www.securityfocus.com/bid/6530
- http://www.securitytracker.com/id?1005896
- http://secunia.com/advisories/7833
- http://www.iss.net/security_center/static/11005.php
- http://www.securityfocus.com/archive/1/305342Vendor Advisory
- http://www.securityfocus.com/bid/6530
- http://www.securitytracker.com/id?1005896
FAQ
What is CVE-2003-1279?
CVE-2003-1279 is a vulnerability with a CVSS score of 4.6 (MEDIUM). S-PLUS 6.0 allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink attack on (1) /tmp/__F8499 by Sqpe, (2) /tmp/PRINT.$$.out by PRINT, (3) /tmp/SUBST$PID.TXT and ...
How severe is CVE-2003-1279?
CVE-2003-1279 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1279?
Check the references section above for vendor advisories and patch information. Affected products include: Insightful S-Plus.