CVE-2002-0677

3 documents3 sources

Severity

7.5HIGH

EPSS

14.9%

top 5.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Caldera Openunix Caldera Unixware Compaq Tru64 +6 more

Timeline

PublishedJul 23

Latest updateMay 3

Description

CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages9 packages

▶NVDibm/aix4.3.3, 5.1+1

▶NVDhp/hp-ux5 versions+4

▶NVDsgi/irix25 versions+24

▶NVDsun/sunos5.5.1, 5.7, 5.8+2

▶NVDsun/solaris2.6

Patches

Patch: www.cert.org ↗Patch: www.kb.cert.org ↗Patch: www.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-7323-cqwq-wfqw: CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, v↗2022-05-03

▶

CVEList

CVE-2002-0677: CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, v↗2002-07-12

▶