Vulnerability Details : CVE-2003-0578
Potential exploit
cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.
Products affected by CVE-2003-0578
- cpe:2.3:a:ibm:u2_universe:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2003-0578
0.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 5 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2003-0578
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | 2024-01-26 |
CWE ids for CVE-2003-0578
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2003-0578
-
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html
Broken Link;Exploit;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=105839150004682&w=2
'SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as' - MARCMailing List
Jump to