CVE-ID | ||
---|---|---|
CVE-1999-0988 |
Description | ||
UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack. | ||
References | ||
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete. | ||
Assigning CNA | ||
MITRE Corporation | ||
Date Record Created | ||
19991214 | Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE. | |
Phase (Legacy) | ||
Modified (20000121) | ||
Votes (Legacy) | ||
ACCEPT(3) Baker, Blake, Cole; MODIFY(1) Frech; RECAST(1) Stracener; REVIEWING(1) Christey |
Comments (Legacy) | ||
Stracener> The pkg* programs pkgtrans, pkginfo, pkgcat, pkginstall, and pkgparam can be used to mount etc/shadow printing attacks as a result of the "dacread" permission (cf. /etc/security/tcb/privs). The procedural differences between the individual exploits for each of these utilities are therefore inconsequential. CVE-1999-0988 should be merged with CVE-1999-0828. From the standpoint of maintaining consistency of the level of abstraction used in CVE, the co-existence of CANS 1999-0988/1999-0828 presents two choices: either merge 0988 with 0828, or split 0828 into 4 distinct candidates, keeping 0988 intact. Due to the very small differences (in principle) between the exploits subsumed by 0828 and 0988 and the shared dacread permissions of the pkg* suite, I suggest a merge. Below is a summary of the data upon which my decision was based.

utility | exploit
---|---
pkgtrans | symlink + dacread permission prob
pkginfo | truss (debugging utility) in conjunction with pkginfo -d etc/shadow. In this case, it captures the interaction between pkginfo and the shadow file. Once again: dacread.
pkgcat | buffer overflow + dacread permission prob
pkginstall | buffer overflow + dacread permission prob
pkgparam | -f etc/shadow (works because of dacread).

Christey> This is a tough one. While there are few procedural differences, one could view "assignment of an improper permission" as a "class" of problems along the lines of buffer overflows and the like. Just like some programs were fine until they got turned into CGI scripts, this could be an emerging pattern which should be given consideration. Consider the Eyedog and scriptlet.typelib ActiveX utilities being marked as safe for scripting (CVE-1999-0668 and 0669). ftp://ftp.sco.com/SSE/security_bulletins/SB-99.28a loosely alludes to this problem; the README for patch SSE053 effectively confirms it.

Frech> XF:unixware-pkgtrans-symlink
Proposed (Legacy) | ||
19991214 | ||
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities. | ||