CVE-2002-1871

2005-06-2804:00:00

mitre

www.cve.org

cve-2002-1871

sun solaris

pkgadd

vulnerability

setuid

setgid

privilege escalation

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

23.7%

JSON

pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a “?” (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.

References

sunsolve.sun.com/search/document.do?assetkey=1-26-45693-1

www.iss.net/security_center/static/9544.php

www.securityfocus.com/bid/5208