FKIE_CVE-2002-0678

Vulnerability from fkie_nvd - Published: 2002-07-23 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
References
cve@mitre.orgftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.28/CSSA-2002-SCO.28.txt
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20021101-01-P
cve@mitre.orghttp://archives.neohapsis.com/archives/aix/2002-q3/0002.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=102635906423617&w=2
cve@mitre.orghttp://www.cert.org/advisories/CA-2002-20.htmlPatch, Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.iss.net/security_center/static/9527.php
cve@mitre.orghttp://www.kb.cert.org/vuls/id/299816Patch, Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.securityfocus.com/bid/5083
cve@mitre.orghttp://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A175
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2770
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A80
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.28/CSSA-2002-SCO.28.txt
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20021101-01-P
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=102635906423617&w=2
af854a3a-2127-422b-91ae-364da2661108http://www.cert.org/advisories/CA-2002-20.htmlPatch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/9527.php
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/299816Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/5083
af854a3a-2127-422b-91ae-364da2661108http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A175
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2770
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A80
Impacted products
Vendor Product Version
caldera unixware 7.0
caldera unixware 7.1.0
caldera unixware 7.1.1
xi_graphics dextop 2.1
sgi irix 5.2
sgi irix 5.3
sgi irix 6.0
sgi irix 6.0.1
sgi irix 6.1
sgi irix 6.2
sgi irix 6.3
sgi irix 6.4
sgi irix 6.5
sgi irix 6.5.1
sgi irix 6.5.2
sgi irix 6.5.3
sgi irix 6.5.4
sgi irix 6.5.5
sgi irix 6.5.6
sgi irix 6.5.7
sgi irix 6.5.8
sgi irix 6.5.9
sgi irix 6.5.10
sgi irix 6.5.11
sgi irix 6.5.12
sgi irix 6.5.13
sgi irix 6.5.14
sgi irix 6.5.15
sgi irix 6.5.16
caldera openunix 8.0
compaq tru64 4.0f
compaq tru64 4.0g
compaq tru64 5.0a
compaq tru64 5.1
compaq tru64 5.1a
hp hp-ux 10.10
hp hp-ux 10.20
hp hp-ux 10.24
hp hp-ux 11.00
hp hp-ux 11.11
ibm aix 4.3.3
ibm aix 5.1
sun solaris 2.6
sun solaris 9.0
sun sunos 5.5.1
sun sunos 5.7
sun sunos 5.8
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:caldera:unixware:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB26B9B-75E4-4E4F-9B4F-2621FE673C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:caldera:unixware:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA04F71A-0CBA-4479-A5BA-58AED5F67B60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:caldera:unixware:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9341A7B9-9087-4022-BA1C-254B0050FA88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xi_graphics:dextop:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE1691F6-D053-42AA-925E-14C43308A30B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E292DA15-91BF-4957-9C0F-A69518538BED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "26144F94-63FD-4907-B548-09B68C2FC9B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "26309EFA-0991-46B6-9818-F0FBB902D5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6A81ED6-CE92-4C10-AA2B-AB9AF573D120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "966C1A13-8007-408D-96BE-0DA3BB6CA401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ECE564D-B4BB-4C05-88CC-CDC3F8E4E366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2D59247-56FA-46B4-BB51-2DAE71AFC145",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "15BE08F8-5F3F-45DB-BFE0-1F6F2F57A4D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C30D6962-3DBB-4DF8-A04F-8E47AFEDCF99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36B60E50-4F5A-4404-BEA3-C94F7D27B156",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ECB750B-9F53-4DB6-8B26-71BCCA446FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B2E6D1-8C2D-4E15-A6BB-E4FE878ED1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "440B7208-34DB-4898-8461-4E703F7EDFB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5663579C-3AD2-4E5B-A595-C8DB984F9C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D07AA144-6FD7-4C80-B4F2-D21C1AFC864A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "29113D8E-9618-4A0E-9157-678332082858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "313613E9-4837-433C-90EE-84A92E8D24E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "41AA1290-5039-406F-B195-3A4C018202D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "60CC9410-F6B8-4748-B76F-30626279028E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCC67401-C85A-4E4E-AE61-85FEBBF4346B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4427AC-07C1-4765-981B-B5D86D698C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "63EF0CEE-74A9-45C8-8AFD-77815230ACC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B24D34C-1F95-45C8-9A57-2D2622ED9019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BD69805-D021-4DCC-9FB6-A0BEA721408A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B13C07CC-F615-4F30-B532-4BF6F02F84DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:caldera:openunix:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "979D9A9B-2A7E-40D4-846C-A195EC89CCEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB2B5B59-B0CD-4F49-870B-F8F8BE902965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:compaq:tru64:4.0g:*:*:*:*:*:*:*",
              "matchCriteriaId": "75546AD4-15DD-45FD-AFFB-8A59CB8D401C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:compaq:tru64:5.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C85EF72-0F04-4705-9BED-C921F5FB7860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E296E409-EF32-48FC-88CB-C38C7CF4A239",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9413090-D930-49DB-B7ED-7035C717B821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "38BFA923-7D80-4F01-AF9F-6F13209948AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDE44C49-172C-4899-8CC8-29AA99A7CD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "4259A901-A1CF-44EE-80C4-2031D3FCADC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "465B06C4-136D-4CD8-BA38-B6B50511624C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCB23261-D5A9-4C49-B08E-97A63ED6F84A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "34EBF074-78C8-41AF-88F1-DA6726E56F8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "A711CDC2-412C-499D-9FA6-7F25B06267C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "39F847DB-65A9-47DA-BCFA-A179E5E2301A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08003947-A4F1-44AC-84C6-9F8D097EB759",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2475113-CFE4-41C8-A86F-F2DA6548D224",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure."
    },
    {
      "lang": "es",
      "value": "El servidor de bases de datos CDE ToolTalk (ttdbserver) permite a usuarios locales sobreescribir ficheros arbitrarios mediante un ataque en enlaces simb\u00f3licos (symlink attack) en el fichero de registro (log) de transacciones usado por el procedimiento RPC _TT_TRANSACTION"
    }
  ],
  "id": "CVE-2002-0678",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-07-23T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.28/CSSA-2002-SCO.28.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20021101-01-P"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/aix/2002-q3/0002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=102635906423617\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-20.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/9527.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/299816"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/5083"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A175"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2770"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A80"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.28/CSSA-2002-SCO.28.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20021101-01-P"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/aix/2002-q3/0002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=102635906423617\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-20.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/9527.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/299816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/5083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A80"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.