CVE-2002-0677
First published: Fri Jul 12 2002(Updated: )
CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xinuos UnixWare | =7 | |
| Xinuos UnixWare | =7.1.1 | |
| Xinuos UnixWare | =7.1_.0 | |
| Xi Graphics Accelerated-X server | =2.1 | |
| SGI IRIX | =5.2 | |
| SGI IRIX | =5.3 | |
| SGI IRIX | =6.0 | |
| SGI IRIX | =6.0.1 | |
| SGI IRIX | =6.1 | |
| SGI IRIX | =6.2 | |
| SGI IRIX | =6.3 | |
| SGI IRIX | =6.4 | |
| SGI IRIX | =6.5 | |
| SGI IRIX | =6.5.1 | |
| SGI IRIX | =6.5.2 | |
| SGI IRIX | =6.5.3 | |
| SGI IRIX | =6.5.4 | |
| SGI IRIX | =6.5.5 | |
| SGI IRIX | =6.5.6 | |
| SGI IRIX | =6.5.7 | |
| SGI IRIX | =6.5.8 | |
| SGI IRIX | =6.5.9 | |
| SGI IRIX | =6.5.10 | |
| SGI IRIX | =6.5.11 | |
| SGI IRIX | =6.5.12 | |
| SGI IRIX | =6.5.13 | |
| SGI IRIX | =6.5.14 | |
| SGI IRIX | =6.5.15 | |
| SGI IRIX | =6.5.16 | |
| SCO Open UNIX | =8.0 | |
| HP Tru64 UNIX | =4.0f | |
| HP Tru64 UNIX | =4.0g | |
| HP Tru64 UNIX | =5.0a | |
| HP Tru64 UNIX | =5.1 | |
| HP Tru64 UNIX | =5.1a | |
| HPE HP-UX | =10.10 | |
| HPE HP-UX | =10.20 | |
| HPE HP-UX | =10.24 | |
| HPE HP-UX | =11.00 | |
| HPE HP-UX | =11.11 | |
| IBM AIX | =4.3.3 | |
| IBM AIX | =5.1 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =2.6 | |
| Sun SunOS | =5.5.1 | |
| Sun SunOS | =5.7 | |
| Sun SunOS | =5.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cert.org/advisories/CA-2002-20.html
- http://www.kb.cert.org/vuls/id/975403
- http://marc.info/?l=bugtraq&m=102635906423617&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A91
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1099
Frequently Asked Questions
What is the severity of CVE-2002-0677?
CVE-2002-0677 is considered to have a high severity due to the potential for remote attackers to execute arbitrary code and gain privileges.
How do I fix CVE-2002-0677?
To fix CVE-2002-0677, you should apply the latest security patches provided by your software vendor that address the vulnerability.
Which software versions are affected by CVE-2002-0677?
CVE-2002-0677 affects multiple versions of Xinuos UnixWare, SGI IRIX, Compaq Tru64, HPE HP-UX, IBM AIX, and Sun Solaris/SunOS.
What type of vulnerability is CVE-2002-0677?
CVE-2002-0677 is a memory corruption vulnerability that allows overwriting of arbitrary memory locations.
Is there a workaround for CVE-2002-0677 if a patch cannot be applied immediately?
While the best mitigation for CVE-2002-0677 is a patch, you may temporarily limit access to affected services as a workaround.
- agent/references
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/caldera
- canonical/xinuos unixware
- version/xinuos unixware/7
- version/xinuos unixware/7.1.1
- version/xinuos unixware/7.1_.0
- vendor/xi graphics
- canonical/xi graphics accelerated-x server
- version/xi graphics accelerated-x server/2.1
- vendor/sgi
- canonical/sgi irix
- version/sgi irix/5.2
- version/sgi irix/5.3
- version/sgi irix/6.0
- version/sgi irix/6.0.1
- version/sgi irix/6.1
- version/sgi irix/6.2
- version/sgi irix/6.3
- version/sgi irix/6.4
- version/sgi irix/6.5
- version/sgi irix/6.5.1
- version/sgi irix/6.5.2
- version/sgi irix/6.5.3
- version/sgi irix/6.5.4
- version/sgi irix/6.5.5
- version/sgi irix/6.5.6
- version/sgi irix/6.5.7
- version/sgi irix/6.5.8
- version/sgi irix/6.5.9
- version/sgi irix/6.5.10
- version/sgi irix/6.5.11
- version/sgi irix/6.5.12
- version/sgi irix/6.5.13
- version/sgi irix/6.5.14
- version/sgi irix/6.5.15
- version/sgi irix/6.5.16
- canonical/sco open unix
- version/sco open unix/8.0
- vendor/compaq
- canonical/hp tru64 unix
- version/hp tru64 unix/4.0f
- version/hp tru64 unix/4.0g
- version/hp tru64 unix/5.0a
- version/hp tru64 unix/5.1
- version/hp tru64 unix/5.1a
- vendor/hp
- canonical/hpe hp-ux
- version/hpe hp-ux/10.10
- version/hpe hp-ux/10.20
- version/hpe hp-ux/10.24
- version/hpe hp-ux/11.00
- version/hpe hp-ux/11.11
- vendor/ibm
- canonical/ibm aix
- version/ibm aix/4.3.3
- version/ibm aix/5.1
- vendor/sun
- canonical/oracle solaris and zettabyte file system (zfs)
- version/oracle solaris and zettabyte file system (zfs)/2.6
- canonical/sun sunos
- version/sun sunos/5.5.1
- version/sun sunos/5.7
- version/sun sunos/5.8