Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1210

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-1999-1210
Last Modified 05 Sep 2008 04:18:59
Published 12 Nov 1997 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-1999-1210

Summary

xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to overwrite arbitrary files via a symlink attack on a core dump file, which is created when xterm is called with a DISPLAY environmental variable set to a display that xterm cannot access.

Vulnerable Systems

Operating System

  • Digital Unix 4.0b


References

XF - dec-xterm(613)

BUGTRAQ - 19971112 Digital Unix Security Problem


Last Updated: 27 May 2016 10:35:19