Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0678

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2002-0678
Last Modified 07 Mar 2011 09:08:40
Published 23 Jul 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0678

Summary

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

Vulnerable Systems

Operating System

  • Caldera Openunix 8.0

  • Compaq Tru64 4.0f

  • Compaq Tru64 4.0g

  • Compaq Tru64 5.0a

  • Compaq Tru64 5.1

  • Compaq Tru64 5.1a

  • Hp-ux 10.10

  • Hp-ux 10.20

  • Hp-ux 10.24

  • Hp-ux 11.00

  • Hp-ux 11.11

  • Ibm Aix 4.3.3

  • Ibm Aix 5.1

  • Sgi Irix 5.2

  • Sgi Irix 5.3

  • Sgi Irix 6.0

  • Sgi Irix 6.0.1

  • Sgi Irix 6.1

  • Sgi Irix 6.2

  • Sgi Irix 6.3

  • Sgi Irix 6.4

  • Sgi Irix 6.5

  • Sgi Irix 6.5.1

  • Sgi Irix 6.5.10

  • Sgi Irix 6.5.11

  • Sgi Irix 6.5.12

  • Sgi Irix 6.5.13

  • Sgi Irix 6.5.14

  • Sgi Irix 6.5.15

  • Sgi Irix 6.5.16

  • Sgi Irix 6.5.2

  • Sgi Irix 6.5.3

  • Sgi Irix 6.5.4

  • Sgi Irix 6.5.5

  • Sgi Irix 6.5.6

  • Sgi Irix 6.5.7

  • Sgi Irix 6.5.8

  • Sgi Irix 6.5.9

  • Sun Solaris 2.5.1

  • Sun Solaris 2.6

  • Sun Solaris 7.0

  • Sun Solaris 8.0

  • Sun Solaris 9.0

Application

  • Caldera Unixware 7.0

  • Caldera Unixware 7.1.0

  • Caldera Unixware 7.1.1

  • Xi Graphics Dextop 2.1


References

CERT-VN - VU#299816

CERT - CA-2002-20

BUGTRAQ - 20020710 [CORE-20020528] Multiple vulnerabilities in ToolTalk Database server

AIXAPAR - IY32368

HP - HPSBUX0207-199

BID - 5083

XF - tooltalk-ttdbserverd-tttransaction-symlink(9527)

SGI - 20021101-01-P

CALDERA - CSSA-2002-SCO.28

AIXAPAR - IY32370


Last Updated: 27 May 2016 10:53:49