Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-1999-1138

Published: Sep 17, 1993 | Modified: Oct 10, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-1999-1138
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.

Affected Software

Name Vendor Start Version End Version
Open_desktop Sco 1.0 1.0
Open_desktop Sco 2.0 2.0
Open_desktop Sco 3.0 3.0
Open_desktop_lite Sco 3.0 3.0
Openserver Sco 3.0 3.0
Unix Sco system_v386_3.2_operating_system system_v386_3.2_operating_system
Unix Sco system_v386_3.2_operating_system_2.0 system_v386_3.2_operating_system_2.0
Unix Sco system_v386_3.2_operating_system_4.0 system_v386_3.2_operating_system_4.0
Unix Sco system_v386_3.2_operating_system_4.x system_v386_3.2_operating_system_4.x

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2023 Aqua Security Software Ltd.   Privacy Policy | Terms of Use