Vulnerabilities > CVE-1999-1138 - Unspecified vulnerability in SCO products

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

sco

critical

NVD

Published: 1993-09-17

Updated: 2017-10-10

Summary

SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.

Vulnerable Configurations

Part	Description	Count
OS	Sco SCO Open Desktop 1.0 SCO Open Desktop 2.0 SCO Open Desktop 3.0 SCO Open Desktop Lite 3.0 SCO Openserver 3.0 SCO Unix System_V386_3.2_Operating_System SCO Unix System_V386_3.2_Operating_System_2.0 SCO Unix System_V386_3.2_Operating_System_4.0 SCO Unix System_V386_3.2_Operating_System_4.X	9

References

http://www.cert.org/advisories/CA-1993-13.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/546