• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating systems, allows local users to gain privileges via a symlink attack on /var/dt/Xerrors since /var/dt is world-writable.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
MITRE Corporation
Date Record Created
20020315 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20020315)
Votes (Legacy)
ACCEPT(2) Frech, Green
NOOP(4) Cole, Foat, Wall, Ziese
REVIEWING(1) Christey
Comments (Legacy)
 Christey> CALDERA:CSSA-2002-SCO.18
   Note: the advisory sort-of implies that world-write
   permissions were the key problem, so the fact that a symlink
   attack could take place did not necessarily mean that a
   symlink following vulnerability really existed, in the sense
   that symlink attacks don't exist in directories that are
   not writable by other users (well, without those users
   exploiting some *other* vulnerability to allow them to create
   the symlink!)
 CHANGE> [Christey changed vote from NOOP to REVIEWING]
 Christey> Hmmm... should XF:cde-dt-world-writable(9045) really be added
   here?  ISS may have "split" between the permissions issue
   and the symlink problem.

Proposed (Legacy)
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.