CVE-2002-0677

CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.

Score7.5
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2002-07-23 12:00:00.000-04
Last Modified2018-10-30 12:26:22.000-04

Vulnerable Software List

VendorProductVersions
Xi Graphics Dextop 2.1
Caldera Openunix 8.0
Caldera Unixware 7, 7.1 .0, 7.1.1
Sgi Irix 5.2, 5.3, 6, 6.0, 6.0.1, 6.1, 6.2, 6.3, 6.4, 6.5, 6.5.1, 6.5.10, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9
Ibm Aix 4.3.3, 5.1
Hp Hp-ux 10.10, 10.20, 10.24, 11.00, 11.11
Sun Sunos 5.5.1, 5.7, 5.8
Sun Solaris 2.6
Compaq Tru64 4.0f, 4.0g, 5.0a, 5.1, 5.1a

References

SourceLink
CALDERACSSA-2002-SCO.28
SGI20021102-02-P
BUGTRAQ20020710 [CORE-20020528] Multiple vulnerabilities in ToolTalk Database server
CERTCA-2002-20
CERT-VNVU#975403