CVE-2002-0246

UnixWare 7.1.1 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0246. PoCs published by jGgM.

AI-analyzed exploit summary This exploit leverages a format string vulnerability in UnixWare's locale subsystem (CVE-2002-0246) to achieve local privilege escalation. It uses maliciously crafted message catalogs via the LC_MESSAGES environment variable to execute arbitrary code with elevated privileges.

Description

Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint.

Exploits (1)

exploitdb WORKING POC VERIFIED
by jGgM · clocalunixware
https://www.exploit-db.com/exploits/21284

This exploit leverages a format string vulnerability in UnixWare's locale subsystem (CVE-2002-0246) to achieve local privilege escalation. It uses maliciously crafted message catalogs via the LC_MESSAGES environment variable to execute arbitrary code with elevated privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: UnixWare (SCO/Caldera)
No auth needed
Prerequisites: Local access to the target system · Presence of setuid/setgid programs using the locale subsystem
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/255414
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8113.php
Patch, Vendor Advisory vendor-advisory x_refsource_caldera
ftp://stage.caldera.com/pub/security/unixware/CSSA-2002-SCO.3/CSSA-2002-SCO.3.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4060

Scores

EPSS 0.0097
EPSS Percentile 57.6%

Details

Status published
Products (1)
caldera/unixware 7.1.1
Published May 29, 2002
Tracked Since Feb 18, 2026