CVE-ID

CVE-1999-0828

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
  • BID:853
  • URL:http://www.securityfocus.com/bid/853
  • BUGTRAQ:19991203 UnixWare and the dacread permission
  • BUGTRAQ:19991204 UnixWare pkg* command exploits
  • BUGTRAQ:19991220 SCO OpenServer Security Status
  • BUGTRAQ:19991223 FYI, SCO Security patches available.
Assigning CNA
MITRE Corporation
Date Record Created
19991207 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20000121)
Votes (Legacy)
ACCEPT(3) Armstrong, Baker, Stracener
MODIFY(2) Cole, Frech
REVIEWING(2) Christey, Prosser
Comments (Legacy)
 Cole> This is BID 850.
 Christey> See comments on CVE-1999-0988.  Perhaps these two should be
   merged. ftp://ftp.sco.com/SSE/security_bulletins/SB-99.28a
   loosely alludes to this problem; the README for patch SSE053
   effectively confirms it.
 Frech> XF:sco-pkg-dacread-fileread

Proposed (Legacy)
19991208
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.