CVE-2002-1199
Caldera OpenLinux - Directory Traversal and Symlink Attack via ypxfrd getdbm Procedure
Title source: llmDescription
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
References (7)
Core 7
Core References
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47903
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103426842025029&w=2
Various Sources vendor-advisory
x_refsource_caldera
ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.40
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10329.php
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/538033
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2423
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5937
Scores
EPSS
0.0838
EPSS Percentile
92.4%
Details
Status
published
Products (9)
caldera/openlinux
2.2
caldera/openlinux
2.3
caldera/openlinux
2.4
sco/openserver
5.0.5
sco/openserver
5.0.6
sco/openserver
5.0.6a
sun/solaris
9.0
sun/sunos
5.7
sun/sunos
5.8
Published
Oct 28, 2002
Tracked Since
Feb 18, 2026