SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Dtlogin Vendors:   Caldera/SCO
Caldera UnixWare Dtlogin Utility Error File Permission Flaw Lets Local Users Overwrite Critical Files on the Server and May Allow a Local Users to Obtain Elevated Privileges
SecurityTracker Alert ID:  1003197
SecurityTracker URL:  http://securitytracker.com/id/1003197
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 11 2002
Impact:   Modification of system information, Modification of user information, User access via local system
Exploit Included:  Yes  

Description:   A vulnerability was reported in Caldera's (SCO) UnixWare dtlogin utility. A local user may be able to cause files on the host to be overwritten.

Dtlogin apparently writes error log entries to the file /var/dt/Xerrors. It is reported that the default configuration permissions on /var/dt are '777' (global read, write, and execute). As a result, a remote user can create a symbolic link (symlink) from /var/dt/Xerrors to a critical file and then use dtlogin in a manner that will create an error condition to cause the dtlogin process to write error log entries to the linked file.

Impact:   A local user may be able to cause critical files to be overwritten, possibly with user-specified data. It may be possible for the local user to obtain elevated privileges, but that has not been confirmed.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.caldera.com/ (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  UNIX (Open UNIX-SCO)
Underlying OS Comments:  UnixWare 7.1, possibly other versions

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Caldera Issues Fix) Caldera UnixWare Dtlogin Utility Error File Permission Flaw Lets Local Users Overwrite Critical Files on the Server and May Allow a Local Users to Obtain Elevated Privileges
The vendor has released a fix.



 Source Message Contents

Subject:  CDE bug in Unixware 7.1




Hi, I'm jGgM.

Unixware 7.1 dtlogin make bug reporting 
to /var/dt/Xerrors.
but, permision of /var/dt is 777.

make symlink /var/dt/Xerrors to any file. for example)
 ln -sf /etc/.rhosts /var/dt/Xerrors

and, Login from another system to Unixware machine.

If another system does not have hostname, Unixware 
machine occured warning
message 'Can not find hostname' at /var/dt/Xerrors

http://www.netemperor.com/en/
Mail: jggm@mail.com

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC