Vulnerability Description
SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sco | Open Desktop | 1.0 |
| Sco | Open Desktop Lite | 3.0 |
| Sco | Openserver | 3.0 |
| Sco | Unix | system_v386_3.2_operating_system |
References
- http://www.cert.org/advisories/CA-1993-13.htmlUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/546
- http://www.cert.org/advisories/CA-1993-13.htmlUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/546
FAQ
What is CVE-1999-1138?
CVE-1999-1138 is a vulnerability with a CVSS score of 10.0 (HIGH). SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those ...
How severe is CVE-1999-1138?
CVE-1999-1138 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1138?
Check the references section above for vendor advisories and patch information. Affected products include: Sco Open Desktop, Sco Open Desktop Lite, Sco Openserver, Sco Unix.