Vulnerabilities > CVE-2002-1199
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 | |
| OS | 3 | |
| OS | 3 |
Oval
| accepted | 2005-03-09T07:56:00.000-04:00 | ||||
| class | vulnerability | ||||
| contributors |
| ||||
| description | The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments. | ||||
| family | unix | ||||
| id | oval:org.mitre.oval:def:2423 | ||||
| status | accepted | ||||
| submitted | 2005-01-19T12:00:00.000-04:00 | ||||
| title | ypxfrd File Disclosure Vulnerability | ||||
| version | 35 |
References
- ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.40
- ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.40
- http://marc.info/?l=bugtraq&m=103426842025029&w=2
- http://marc.info/?l=bugtraq&m=103426842025029&w=2
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47903
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47903
- http://www.iss.net/security_center/static/10329.php
- http://www.iss.net/security_center/static/10329.php
- http://www.kb.cert.org/vuls/id/538033
- http://www.kb.cert.org/vuls/id/538033
- http://www.securityfocus.com/bid/5937
- http://www.securityfocus.com/bid/5937
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2423
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2423