Local Privilege Escalation in IBM U2 UniVerse Affecting Users with Uvadm Rights
CVE-2003-0579

Currently unrated

Key Information:

Vendor: IBM
Status: U2 Universe
Vendor: CVE Published:; 18 August 2003

Summary

The uvadmsh component in IBM's U2 UniVerse, versions 10.0.0.9 and earlier, relies on the user-supplied -uv.install command line option to locate and execute the uv.install program. This trust in user input can be exploited by local users who manipulate the pathname under their control. Such exploitation enables unauthorized privilege gains, presenting significant security concerns for systems utilizing this software.

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q3/...

mailing-listx_refsource_VULNWATCH

http://marc.info/?l=bugtraq&m=105838948002337&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Aug 18, 2003
Vulnerability Reserved
Jul 16, 2003