CVE

CVE-2002-0219

Date: (C)2002-05-16   (M)2023-12-22

Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0032.html

BID-3979

http://www.sas.com/service/techsup/unotes/SN/004/004201.html

sas-sastcpd-spawner-bo(8017)