CVE-ID

CVE-1999-0988

Description
UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
MITRE Corporation
Date Record Created
19991214
Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20000121)
Votes (Legacy)
ACCEPT(3) Baker, Blake, Cole
MODIFY(1) Frech
RECAST(1) Stracener
REVIEWING(1) Christey
Comments (Legacy)
 Stracener> The pkg* programs pkgtrans, pkginfo, pkgcat, pkginstall, and pkgparam
   can be used to mount etc/shadow printing attacks as a result of the
   "dacread" permission (cf. /etc/security/tcb/privs). The procedural
   differences between the individual exploits for each of these utilities
   are therefore inconsequential. CVE-1999-0988 should be merged with
   CVE-1999-0828. From the standpoint of maintaining consistency of the
   level of abstraction used in CVE, the co-existence of CANS
   1999-0988/1999-0828 presents two choices: either merge 0988 with 0828, or
   split 0828 into 4 distinct candidates, keeping 0988 intact. Due to the
   very small differences (in principle) between the exploits subsumed by
   0828 and 0988 and the shared dacread permissions of the pkg* suite, I
   suggest a merge. Below is a summary of the data upon which my decision
   was based.
   utility        exploit
   ----------     ----------------------------------
   pkgtrans   --> symlink + dacread permission prob
   pkginfo    --> truss (debugging utility) in conjunction with pkginfo -d
                  etc/shadow. In this case, it captures the interaction between
                  pkginfo and the shadow file. Once again: dacread.
   pkgcat     --> buffer overflow + dacread permission prob
   pkginstall --> buffer overflow + dacread permission prob
   pkgparam   --> -f etc/shadow (works because of dacread).
 Christey> This is a tough one.  While there are few procedural
   differences, one could view "assignment of an improper
   permission" as a "class" of problems along the lines of
   buffer overflows and the like.  Just like some programs
   were fine until they got turned into CGI scripts, this
   could be an emerging pattern which should be given
   consideration.  Consider the Eyedog and scriptlet.typelib
   ActiveX utilities being marked as safe for scripting
   (CVE-1999-0668 and 0669).
   
   ftp://ftp.sco.com/SSE/security_bulletins/SB-99.28a loosely
   alludes to this problem; the README for patch SSE053
   effectively confirms it.
 Frech> XF:unixware-pkgtrans-symlink

Proposed (Legacy)
19991214
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.