Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2002-1199
Last Modified: 10 Sep 2008 03:14:02
Published: 28 Oct 2002 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-1199

Summary

The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.

Vulnerable Systems

Operating System

  • Caldera OpenLinux 2.2
  • Caldera OpenLinux 2.3
  • Caldera OpenLinux 2.4
  • SCO OpenServer 5.0.5
  • SCO OpenServer 5.0.6
  • SCO OpenServer 5.0.6a
  • Sun Solaris 7.0
  • Sun Solaris 8.0
  • Sun Solaris 9.0

References

CERT-VN - VU#538033

BUGTRAQ - 20021010 Multiple vendor ypxfrd map handling vulnerability

BID - 5937

XF - ypxfrd-file-disclosure(10329)

SUNALERT - 47903

CALDERA - CSSA-2002-SCO.40


Last Updated: 27 May 2016 10:37:14