CVE-1999-1210 - xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to overwrite arbitrary files via a

CVE-1999-1210

Summary

xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to overwrite arbitrary files via a symlink attack on a core dump file, which is created when xterm is called with a DISPLAY environmental variable set to a display that xterm cannot access.

References

http://marc.info/?l=bugtraq&m=87936891504885&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/613

Vulnerable Configurations

cpe:2.3:o:digital:unix:4.0b:*:*:*:*:*:*:*
cpe:2.3:o:digital:unix:4.0b:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 19-12-2017 - 02:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bugtraq	19971112 Digital Unix Security Problem
xf	dec-xterm(613)

Last major update

19-12-2017 - 02:29

Published

12-11-1997 - 05:00

Last modified

19-12-2017 - 02:29