CVE-2002-0678

3 documents3 sources

Severity

7.2HIGH

EPSS

0.4%

top 37.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Caldera Openunix Caldera Unixware Compaq Tru64 +6 more

Timeline

PublishedJul 23

Latest updateMay 3

Description

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages9 packages

▶NVDibm/aix4.3.3, 5.1+1

▶NVDhp/hp-ux5 versions+4

▶NVDsgi/irix25 versions+24

▶NVDsun/sunos5.5.1, 5.7, 5.8+2

▶NVDsun/solaris2.6, 9.0+1

Patches

Patch: www.cert.org ↗Patch: www.kb.cert.org ↗Patch: www.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-mjg7-rq8m-c73g: CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the↗2022-05-03

▶

CVEList

CVE-2002-0678: CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the↗2003-04-02

▶