Vulnerabilities > CVE-2002-0678

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

Vulnerable Configurations

Part	Description	Count
OS	Sgi SGI Irix 6.5.6 SGI Irix 5.3 SGI Irix 6.0.1 SGI Irix 6.5.1 SGI Irix 6.5.10 SGI Irix 6.1 SGI Irix 5.2 SGI Irix 6.4 SGI Irix 6.5.15 SGI Irix 6.5.9 SGI Irix 6.5.12 SGI Irix 6.5.5 SGI Irix 6.5.14 SGI Irix 6.5.8 SGI Irix 6.5.3 SGI Irix 6.5.11 SGI Irix 6.5.4 SGI Irix 6.0 SGI Irix 6.5 SGI Irix 6.5.16 SGI Irix 6.2 SGI Irix 6.3 SGI Irix 6.5.13 SGI Irix 6.5.7 SGI Irix 6.5.2	25
OS	Hp HP HP UX 11.11 HP HP UX 11.00 HP HP UX 10.24 HP HP UX 10.10 HP HP UX 10.20	5
OS	Sun SUN Sunos 5.7 SUN Sunos 5.8 SUN Sunos 5.5.1 SUN Solaris 9.0 SUN Solaris 2.6	5
OS	Compaq Compaq Tru64 4.0G Compaq Tru64 5.0A Compaq Tru64 5.1A Compaq Tru64 4.0F Compaq Tru64 5.1	5
OS	Ibm IBM AIX 4.3.3 IBM AIX 5.1	2
OS	Caldera Caldera Openunix 8.0	1
Application	Xi_Graphics XI Graphics Dextop 2.1	1
Application	Caldera Caldera Unixware 7.0 Caldera Unixware 7.1.0 Caldera Unixware 7.1.1	3

Oval

accepted

2010-09-20T04:00:17.387-04:00

class

vulnerability

contributors

name David Proulx
organization The MITRE Corporation
name Todd Dolinsky
organization Opsware, Inc.
name Jonathan Baker
organization The MITRE Corporation

description

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

family

unix

oval:org.mitre.oval:def:175

status

accepted

submitted

2003-01-29T12:00:00.000-04:00

title

Solaris 8 CDE ToolTalk Database Server Symbolic Link Vulnerability

version

accepted

2010-09-20T04:00:20.686-04:00

class

vulnerability

contributors

name Brian Soby
organization The MITRE Corporation
name Brian Soby
organization The MITRE Corporation
name Brian Soby
organization The MITRE Corporation
name Todd Dolinsky
organization Opsware, Inc.
name Jonathan Baker
organization The MITRE Corporation

description

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

family

unix

oval:org.mitre.oval:def:2770

status

accepted

submitted

2004-10-15T12:00:00.000-04:00

title

Solaris 9 CDE ToolTalk Database Server Symbolic Link Vulnerability

version

accepted

2010-09-20T04:00:37.114-04:00

class

vulnerability

contributors

name David Proulx
organization The MITRE Corporation
name Todd Dolinsky
organization Opsware, Inc.
name Jonathan Baker
organization The MITRE Corporation

description

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

family

unix

oval:org.mitre.oval:def:80

status

accepted

submitted

2003-01-29T12:00:00.000-04:00

title

Solaris 7 CDE ToolTalk Database Symbolic Link Vulnerability

version

Vulnerabilities > CVE-2002-0678 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2002-0678"}]}

Summary

Vulnerable Configurations

Oval

References

Vulnerabilities > CVE-2002-0678