CVE-2002-1199

3 documents, 3 sources

Severity: 5.0 MEDIUM
EPSS: 2.1% (top 15.78%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Oct 28
Latest update: May 3

Description

The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (4 packages)

NVD: sun/sunos 5.7, 5.8 (+1)
NVD: sun/solaris 9.0
NVD: sco/openserver 5.0.5, 5.0.6, 5.0.6a (+2)
NVD: caldera/openlinux 2.2, 2.3, 2.4 (+2)

Vulnerability Details (2)

GHSA: GHSA-c5xg-42v5-7fgx: The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory tra (2022-05-03)
CVEList: CVE-2002-1199: The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory tra (2004-09-01)