CVE-1999-1252

Current Description

Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 allows local users to access arbitrary files and gain root privileges.

Basic Data

PublishedSeptember 04, 1996
Last ModifiedDecember 19, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.2
SeverityHIGH
Exploitability Score3.9
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSScoUnixware2.0.x*******
    2.3OSScoUnixware2.1.0*******

Vulnerable Software List

VendorProductVersions
Sco Unixware 2.0.x, 2.1.0

References

NameSourceURLTags
96:002ftp://ftp.sco.COM/SSE/security_bulletins/SB.96:02aSCO
VB-96.15http://www.cert.org/vendor_bulletins/VB-96.15.scoCERTPatch Third Party Advisory US Government Resource
sco-system-call(1966)https://exchange.xforce.ibmcloud.com/vulnerabilities/1966XF