VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 20, 2004· Updated Apr 16, 2026

CVE-2003-1024

CVE-2003-1024

Description

A vulnerability in the tcsh ls-F builtin on Solaris 8 allows local users to create/delete files as other users and potentially gain root privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A vulnerability in the tcsh ls-F builtin on Solaris 8 allows local users to create/delete files as other users and potentially gain root privileges.

Vulnerability

An unknown vulnerability exists in the built-in ls-F function of the tcsh shell on Solaris 8. The flaw allows a local user to create or delete files as another user. Only Solaris 8 is affected; Solaris 7 and 9 are not vulnerable [1].

Exploitation

An attacker must have local access to a Solaris 8 system and be able to execute tcsh with the ls-F builtin. The exact exploitation method is not publicly disclosed, but the vulnerability can be triggered by a local user without special privileges [1].

Impact

A successful exploit enables the attacker to create or delete files as another user, potentially gaining the privileges of that user, including root. This compromises file integrity and availability and can lead to full privilege escalation [1].

Mitigation

No official patch was released by Sun for this vulnerability. The CERT/CC vulnerability note does not provide any workaround or mitigation steps [1]. Users may consider restricting access to tcsh or using an alternative shell as a precaution.

References
  1. CERT/CC Vulnerability Note VU#281356

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.