Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2003-0124

Disclosure Date: March 18, 2003
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value “unsafe,” which is then executed as a program via a system call if it is in the search path of the user who runs man.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Technical Analysis