Vulnerability Report

CVE-2003-0742

RCE

Title: SCO Internet Manager arbitrary program execution

RCE

Proof Of Concept

No public PoC currently indexed for CVE-2003-0742.

CWE Category NVD-CWE-noinfo

Published Date Oct 06, 2003

Modified Date Apr 03, 2025

Exploit Status Not Found

Score 7.2 CVSS v2.0

Exploit Probability (EPSS)

0.08%

Vulnerability Summary

CVE-2003-0742: SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program.

Impacted Vendors

sco 1

caldera 1

Reference Links

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0742 https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0742

CVSS v2.0

Source Entity [email protected]

Severity HIGH

7.2

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:L/AC:L/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2003-0742 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 03, 2025 MODIFIED

Vulnerability data or affected products updated.

October 06, 2003 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:L/AC:L/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.