Vulnerability Description
xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to overwrite arbitrary files via a symlink attack on a core dump file, which is created when xterm is called with a DISPLAY environmental variable set to a display that xterm cannot access.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Digital | Unix | 4.0b |
References
- http://marc.info/?l=bugtraq&m=87936891504885&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/613
- http://marc.info/?l=bugtraq&m=87936891504885&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/613
FAQ
What is CVE-1999-1210?
CVE-1999-1210 is a vulnerability with a CVSS score of 7.2 (HIGH). xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to overwrite arbitrary files via a symlink attack on a core dump file, which is created when xterm is called with a DISPLAY environment...
How severe is CVE-1999-1210?
CVE-1999-1210 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1210?
Check the references section above for vendor advisories and patch information. Affected products include: Digital Unix.