CVE-ID

CVE-1999-0828

• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
  • BUGTRAQ:19991203 UnixWare and the dacread permission
  • BUGTRAQ:19991204 UnixWare pkg* command exploits
  • BUGTRAQ:19991223 FYI, SCO Security patches available.
  • BUGTRAQ:19991220 SCO OpenServer Security Status
  • BID:853
  • URL:http://www.securityfocus.com/bid/853
Date Entry Created
19991207 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20000121-01)
Votes (Legacy)
ACCEPT(3) Armstrong, Baker, Stracener
MODIFY(2) Cole, Frech
REVIEWING(2) Christey, Prosser
Comments (Legacy)
 Cole> This is BID 850.
 Christey> See comments on CVE-1999-0988.  Perhaps these two should be
   merged. ftp://ftp.sco.com/SSE/security_bulletins/SB-99.28a
   loosely alludes to this problem; the README for patch SSE053
   effectively confirms it.
 Frech> XF:sco-pkg-dacread-fileread

Proposed (Legacy)
19991208
This is an entry on the CVE list, which standardizes names for security problems.