CVE-2002-1199

The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.

Score: 5.0
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Published: 2002-10-28 12:00:00.000-05
Last Modified: 2018-10-30 12:26:22.000-04

Vulnerable Software List

Vendor | Product | Versions
Caldera | Openlinux | 2.2, 2.3, 2.4
Sun | Sunos | 5.7, 5.8
Sun | Solaris | 9.0::sparc
Sco | Openserver | 5.0.5, 5.0.6, 5.0.6a

References

Source | Link
CALDERA | CSSA-2002-SCO.40
BUGTRAQ | 20021010 Multiple vendor ypxfrd map handling vulnerability
SUNALERT | 47903
XF | ypxfrd-file-disclosure(10329)
CERT-VN | VU#538033
BID | 5937