A vulnerability has been found in SCO UnixWare 7.0/7.0.1/7.1/7.1.1 (Operating System) and classified as critical. This vulnerability affects an unknown code block of the file /core.pid of the component Coredump. The manipulation with an unknown input leads to a symlink vulnerability. The CWE definition for the vulnerability is CWE-61. The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file.

The weakness was shared 12/03/1999 by Brock Tellier (Website). The advisory is available at securityfocus.com. This vulnerability was named CVE-1999-0864. The exploitation appears to be easy. Local access is required to approach this attack. No form of authentication is required for a successful exploitation. Technical details and also a public exploit are known.

It is possible to download the exploit at exploit-db.com. It is declared as proof-of-concept.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the databases at Exploit-DB (19659) and SecurityFocus (BID 851†). The entries VDB-15036 and VDB-15033 are related to this item. Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Operating System

Vendor

• SCO

Name

• UnixWare

Version

• 7.0
• 7.0.1
• 7.1
• 7.1.1

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion