Caldera UnixWare Dtlogin Utility Error File Permission Flaw Lets Local Users Overwrite Critical Files on the Server and May Allow a Local Users to Obtain Elevated Privileges - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Dtlogin

Vendors: Caldera/SCO

Caldera UnixWare Dtlogin Utility Error File Permission Flaw Lets Local Users Overwrite Critical Files on the Server and May Allow a Local Users to Obtain Elevated Privileges

SecurityTracker Alert ID: 1003197

SecurityTracker URL: http://securitytracker.com/id/1003197

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Jan 11 2002

Impact: Modification of system information, Modification of user information, User access via local system

Exploit Included: Yes

Description: A vulnerability was reported in Caldera's (SCO) UnixWare dtlogin utility. A local user may be able to cause files on the host to be overwritten.

Dtlogin apparently writes error log entries to the file /var/dt/Xerrors. It is reported that the default configuration permissions on /var/dt are '777' (global read, write, and execute). As a result, a remote user can create a symbolic link (symlink) from /var/dt/Xerrors to a critical file and then use dtlogin in a manner that will create an error condition to cause the dtlogin process to write error log entries to the linked file.

Impact: A local user may be able to cause critical files to be overwritten, possibly with user-specified data. It may be possible for the local user to obtain elevated privileges, but that has not been confirmed.

Solution: No solution was available at the time of this entry.

Vendor URL: www.caldera.com/ (Links to External Site)

Cause: Access control error, State error

Underlying OS: UNIX (Open UNIX-SCO)

Message History: This archive entry has one or more follow-up message(s) listed below.

(Caldera Issues Fix) Caldera UnixWare Dtlogin Utility Error File Permission Flaw Lets Local Users Overwrite Critical Files on the Server and May Allow a Local Users to Obtain Elevated Privileges (security@caldera.com)
The vendor has released a fix.

Source Message Contents

Date: 8 Jan 2002 06:13:59 -0000
Subject: CDE bug in Unixware 7.1




Hi, I'm jGgM.

Unixware 7.1 dtlogin make bug reporting 
to /var/dt/Xerrors.
but, permision of /var/dt is 777.

make symlink /var/dt/Xerrors to any file. for example)
 ln -sf /etc/.rhosts /var/dt/Xerrors

and, Login from another system to Unixware machine.

If another system does not have hostname, Unixware 
machine occured warning
message 'Can not find hostname' at /var/dt/Xerrors

http://www.netemperor.com/en/
Mail: jggm@mail.com

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC