SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00089
Percentile: 0.26388

CVSS Scoring

Affected Products

• cpe:2.3:o:sco:open_unix:8.0:*:*:*:*:*:*:*
• cpe:2.3:o:sco:unixware:7.1.1:*:*:*:*:*:*:*
• cpe:2.3:o:sco:unixware:7.1.3:*:*:*:*:*:*:*

← Back to Home