Vulnerabilities > CVE-2002-1199 - Local File Disclosure vulnerability in ypxfrd
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 | |
| OS | 3 | |
| OS | 3 |
Oval
| accepted | 2005-03-09T07:56:00.000-04:00 | ||||
| class | vulnerability | ||||
| contributors |
| ||||
| description | The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments. | ||||
| family | unix | ||||
| id | oval:org.mitre.oval:def:2423 | ||||
| status | accepted | ||||
| submitted | 2005-01-19T12:00:00.000-04:00 | ||||
| title | ypxfrd File Disclosure Vulnerability | ||||
| version | 35 |
References
- ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.40
- http://marc.info/?l=bugtraq&m=103426842025029&w=2
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47903
- http://www.iss.net/security_center/static/10329.php
- http://www.kb.cert.org/vuls/id/538033
- http://www.securityfocus.com/bid/5937
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2423