CVE-2002-0678

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

Score7.2
Access VectorLOCAL
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactCOMPLETE
Integrity ImpactCOMPLETE
Availability ImpactCOMPLETE
Published2002-07-23 12:00:00.000-04
Last Modified2018-10-30 12:26:22.000-04

Vulnerable Software List

VendorProductVersions
Xi Graphics Dextop 2.1
Caldera Openunix 8.0
Caldera Unixware 7.0, 7.1.0, 7.1.1
Sgi Irix 5.2, 5.3, 6, 6.0, 6.0.1, 6.1, 6.2, 6.3, 6.4, 6.5, 6.5.1, 6.5.10, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9
Ibm Aix 4.3.3, 5.1
Hp Hp-ux 10.10, 10.20, 10.24, 11.00, 11.11
Sun Sunos 5.5.1, 5.7, 5.8
Sun Solaris 2.6, 9.0::sparc
Compaq Tru64 4.0f, 4.0g, 5.0a, 5.1, 5.1a

References

SourceLink
CALDERACSSA-2002-SCO.28
SGI20021101-01-P
AIXAPARIY32368
BUGTRAQ20020710 [CORE-20020528] Multiple vulnerabilities in ToolTalk Database server
CERTCA-2002-20
XFtooltalk-ttdbserverd-tttransaction-symlink(9527)
CERT-VNVU#299816
BID5083
HPHPSBUX0207-199