CVE-2002-2017

2005-07-1404:00:00

mitre

www.cve.org

cve-2002-2017

sastcpd

sas/base 8.0

local users

execute

arbitrary code

authprog

environment variable

malicious program

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON

sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.

References

online.securityfocus.com/archive/1/253183

www.iss.net/security_center/static/8024.php

www.securityfocus.com/bid/3994