Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0828

6 documents4 sources
Severity
3.6LOW
EPSS
0.4%
top 42.31%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SCO Unixware
Timeline
PublishedDec 2
Latest updateApr 30

Description

UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission.

CVSS vector

AV:L/AC:L/C:P/I:P/A:NExploitability: 3.9 | Impact: 4.9

Affected Packages1 packages

â–¶NVDsco/unixware7.0, 7.1+1

🔴Vulnerability Details

2
GHSA
GHSA-234r-5236-88h3: UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission↗2022-04-30
â–¶
CVEList
CVE-1999-0828: UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission↗2000-02-04
â–¶

💥Exploits & PoCs

3
Exploit-DB
SCO Unixware 7.1 pkgcat - Local Buffer Overflow↗1999-12-06
â–¶
Exploit-DB
SCO Unixware 7.1 pkginstall - Local Buffer Overflow↗1999-12-06
â–¶
Exploit-DB
SCO Unixware 7.1 - 'pkg' Local Privilege Escalation↗1999-12-03
â–¶
CVE-1999-0828 (LOW CVSS 3.6) | UnixWare pkg commands such as pkgin | cvebase.io