QwikSec

Security Database

CVE

CWE

Training

CVE-2003-0449

Published: Jun 20, 2003

Modified: Aug 8, 2024

PUBLISHED

Description

Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20030614 SRT2003-06-13-0945 - Progress PATH based dlopen() issue

mailing-list

x_refsource_BUGTRAQ

http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt

x_refsource_MISC

http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt

x_refsource_MISC

20030614 SRT2003-06-13-1009 - Progress _dbagent -installdir dlopen() issue

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.