Vulnerability CVE-2002-1199 - CERT Civis.Net

Vulnerability Name:

CVE-2002-1199 (CCN-10329)

Assigned:

2002-10-07

Published:

2002-10-07

Updated:

2018-10-30

Summary:

The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: CALDERA
Type: UNKNOWN
CSSA-2002-SCO.40

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2002-SCO.40
OpenServer 5.0.5 OpenServer 5.0.6 : ypxfrd remote file access vulnerability

Source: CCN
Type: Compaq SECURITY BULLETIN
SSRT2339 (ypxfrd) and SSRT2368 (ypserv) HP Tru64 UNIX Potential Security Vulnerability

Source: CCN
Type: BugTraq Mailing List, Thu Oct 10 2002 - 11:39:26 CDT
Multiple vendor ypxfrd map handling vulnerability

Source: MITRE
Type: CNA
CVE-2002-1199

Source: BUGTRAQ
Type: UNKNOWN
20021010 Multiple vendor ypxfrd map handling vulnerability

Source: CCN
Type: Sun Alert ID: 47903
Security Vulnerability in the ypserv(1M) and ypxfrd(1M) Daemons

Source: SUNALERT
Type: UNKNOWN
47903

Source: CCN
Type: CIAC Information Bulletin O-046
HP 'ypxfrd' daemon Vulnerability

Source: XF
Type: UNKNOWN
ypxfrd-file-disclosure(10329)

Source: CCN
Type: US-CERT VU#538033
ypxfrd daemon fails to properly validate user supplied arguments in getdbm procedure

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#538033

Source: CCN
Type: OSVDB ID: 14507
Multiple Vendor ypxfrd getdbm Procedure Arbitrary File Access

Source: CCN
Type: BID-5912
Multiple Platforms ypxfrd Remote File Disclosure Vulnerability

Source: BID
Type: UNKNOWN
5937

Source: CCN
Type: BID-5937
ypxfrd Local File Disclosure Vulnerability

Source: XF
Type: UNKNOWN
ypxfrd-file-disclosure(10329)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2423

Vulnerable Configuration:

Configuration 1:

cpe:/o:caldera:openlinux:2.2:*:*:*:*:*:*:*

OR cpe:/o:caldera:openlinux:2.3:*:*:*:*:*:*:*

OR cpe:/o:caldera:openlinux:2.4:*:*:*:*:*:*:*

OR cpe:/o:sco:openserver:5.0.5:*:*:*:*:*:*:*

OR cpe:/o:sco:openserver:5.0.6:*:*:*:*:*:*:*

OR cpe:/o:sco:openserver:5.0.6a:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:9.0:*:sparc:*:*:*:*:*

OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:sun:solaris:*:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*

OR cpe:/o:compaq:tru64:4.0f:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*

OR cpe:/o:compaq:tru64:4.0g:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:10.26:*:*:*:*:*:*:*

OR cpe:/o:compaq:tru64:5.0a:*:*:*:*:*:*:*

OR cpe:/o:compaq:tru64:5.1:*:*:*:*:*:*:*

OR cpe:/o:compaq:tru64:5.1a:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.9:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:2423	V	ypxfrd File Disclosure Vulnerability	2005-03-09