CVE-2002-0678 - Symbolic Link vulnerability in Multiple Vendor CDE ToolTalk Database Server
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE

Summary
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Application | | 1 |
OS | Sgi | 25 |
OS | | 1 |
OS | | 5 |
OS | | 5 |
OS | | 2 |
OS | | 5 |
Oval
oval:org.mitre.oval:def:175
- title: Solaris 8 CDE ToolTalk Database Server Symbolic Link Vulnerability
- description: CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
- class: vulnerability
- family: unix
- status: accepted
- submitted: 2003-01-29T12:00:00.000-04:00
- accepted: 2010-09-20T04:00:17.387-04:00
- version: 37
- contributors: David Proulx (The MITRE Corporation); Todd Dolinsky (Opsware, Inc.); Jonathan Baker (The MITRE Corporation)

oval:org.mitre.oval:def:2770
- title: Solaris 9 CDE ToolTalk Database Server Symbolic Link Vulnerability
- description: CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
- class: vulnerability
- family: unix
- status: accepted
- submitted: 2004-10-15T12:00:00.000-04:00
- accepted: 2010-09-20T04:00:20.686-04:00
- version: 39
- contributors: Brian Soby (The MITRE Corporation); Brian Soby (The MITRE Corporation); Brian Soby (The MITRE Corporation); Todd Dolinsky (Opsware, Inc.); Jonathan Baker (The MITRE Corporation)

oval:org.mitre.oval:def:80
- title: Solaris 7 CDE ToolTalk Database Symbolic Link Vulnerability
- description: CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
- class: vulnerability
- family: unix
- status: accepted
- submitted: 2003-01-29T12:00:00.000-04:00
- accepted: 2010-09-20T04:00:37.114-04:00
- version: 37
- contributors: David Proulx (The MITRE Corporation); Todd Dolinsky (Opsware, Inc.); Jonathan Baker (The MITRE Corporation)
References
- ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.28/CSSA-2002-SCO.28.txt
- ftp://patches.sgi.com/support/free/security/advisories/20021101-01-P
- http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
- http://marc.info/?l=bugtraq&m=102635906423617&w=2
- http://www.cert.org/advisories/CA-2002-20.html
- http://www.iss.net/security_center/static/9527.php
- http://www.kb.cert.org/vuls/id/299816
- http://www.securityfocus.com/bid/5083
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A175
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2770
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A80