PUBLISHED DATE: October 28, 2002CVE-2002-1199:
Directory Traversal Vulnerability

Description

The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.

Products

• Caldera OpenLinux 2.2
• Caldera OpenLinux 2.3
• Caldera OpenLinux 2.4
• SCO OpenServer 5.0.5
• Santa Cruz Operation (SCO) OpenServer 5.0.6
• SCO OpenServer 5.0.6a
• Sun Solaris 9.0 on SPARC
• Sun Microsystems Solaris 7
• Sun SunOS (Solaris 8) 5.8

Questions to Ask Vendors

1. Can you confirm whether your systems are affected by CVE-2002-1199, and if so, what steps are you currently taking to mitigate this vulnerability?
2. What is your estimated timeline for fully resolving CVE-2002-1199 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

• Check out the advisory links provided below.

References

• https://nvd.nist.gov/vuln/detail/CVE-2002-1199