sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sas base 8.0 |
||
sas integration technologies 8.0 |