• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
  • BUGTRAQ:19991203 UnixWare and the dacread permission
  • BUGTRAQ:19991204 UnixWare pkg* command exploits
  • BUGTRAQ:19991223 FYI, SCO Security patches available.
  • BUGTRAQ:19991220 SCO OpenServer Security Status
  • BID:853
  • URL:
Assigning CNA
Date Entry Created
19991207 Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20000121-01)
Votes (Legacy)
ACCEPT(3) Armstrong, Baker, Stracener
MODIFY(2) Cole, Frech
REVIEWING(2) Christey, Prosser
Comments (Legacy)
 Cole> This is BID 850.
 Christey> See comments on CVE-1999-0988.  Perhaps these two should be
   loosely alludes to this problem; the README for patch SSE053
   effectively confirms it.
 Frech> XF:sco-pkg-dacread-fileread

Proposed (Legacy)
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.