CVE-1999-1138 in Unixinfo

Summary

by MITRE

SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 04/16/2026

The vulnerability described in CVE-1999-1138 represents a critical privilege escalation issue affecting SCO UNIX System V/386 Release 3.2 and related SCO products. This flaw stems from improper default directory creation and permission settings during system installation, creating security risks that directly violate fundamental principles of secure system administration and access control. The issue manifests through the installation of specific user home directories in world-writable locations, specifically /tmp for the dos user and /usr/tmp for the asg user, which creates an inherent security weakness that can be exploited by malicious actors.

The technical flaw lies in the improper configuration of user home directories during the installation process of SCO UNIX systems. When the dos user account is created, its home directory is incorrectly placed in /tmp, while the asg user's home directory is placed in /usr/tmp, both of which are world-writable directories. This configuration violates security best practices and creates a scenario where any user on the system can access, modify, or even execute code within these directories. The root cause can be categorized under CWE-732, which deals with Incorrect Permission Assignment for Critical Resources, and specifically aligns with CWE-276, Incorrect Permission Assignment, as the system fails to properly assign restrictive permissions to sensitive directories.

The operational impact of this vulnerability is significant and multifaceted, as it provides unauthorized users with potential access to sensitive account information and system resources. Attackers can exploit this weakness to gain access to user files, potentially intercept communications, modify system configurations, or establish persistent access through the compromised accounts. The presence of world-writable directories in the home directory locations means that any user can create, modify, or delete files in these locations, effectively bypassing normal access controls and user isolation mechanisms. This vulnerability particularly affects system security by undermining the principle of least privilege and creating potential attack vectors for privilege escalation, which directly maps to techniques described in the MITRE ATT&CK framework under T1068 for Exploitation for Privilege Escalation.

The security implications extend beyond simple file access, as these compromised directories could serve as staging areas for more sophisticated attacks. An attacker could place malicious executables in these locations, potentially leading to code execution with elevated privileges, or use the directories to establish backdoors or maintain persistent access to the system. The vulnerability also creates audit and logging challenges, as unauthorized access attempts within these directories may not be properly tracked or reported. Organizations running affected SCO UNIX systems would face significant security risks, including potential data breaches, system compromise, and violation of compliance requirements for secure system administration. The flaw represents a classic example of poor secure configuration management and highlights the importance of proper system hardening practices.

Mitigation strategies for this vulnerability should focus on immediate remediation through proper directory relocation and permission configuration. System administrators should immediately move the problematic home directories to secure locations with appropriate permissions, ensuring that no user accounts have their home directories in world-writable locations such as /tmp or /usr/tmp. The recommended approach involves changing the directory locations to secure paths with restrictive permissions, typically using chmod to set appropriate access controls and ownership settings. Additionally, system hardening procedures should be implemented to prevent similar issues in future installations, including proper configuration management, regular security audits, and adherence to secure configuration guidelines. Organizations should also implement monitoring and alerting for unauthorized access attempts to sensitive system directories, and conduct comprehensive security assessments to identify and remediate similar configuration weaknesses across their entire system infrastructure. The vulnerability underscores the critical importance of proper system installation procedures and the necessity of following secure configuration standards to prevent such fundamental security flaws from being introduced into production environments.

Disclosure

09/17/1993

Moderation

accepted

Entry

VDB-13664

CPE

ready

EPSS

0.01577

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!