CVE-2002-0678
First published: Tue Jul 23 2002(Updated: )
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xinuos UnixWare | =7.0 | |
| Xinuos UnixWare | =7.1.0 | |
| Xinuos UnixWare | =7.1.1 | |
| xi graphics dextop | =2.1 | |
| SGI IRIX | =5.2 | |
| SGI IRIX | =5.3 | |
| SGI IRIX | =6.0 | |
| SGI IRIX | =6.0.1 | |
| SGI IRIX | =6.1 | |
| SGI IRIX | =6.2 | |
| SGI IRIX | =6.3 | |
| SGI IRIX | =6.4 | |
| SGI IRIX | =6.5 | |
| SGI IRIX | =6.5.1 | |
| SGI IRIX | =6.5.2 | |
| SGI IRIX | =6.5.3 | |
| SGI IRIX | =6.5.4 | |
| SGI IRIX | =6.5.5 | |
| SGI IRIX | =6.5.6 | |
| SGI IRIX | =6.5.7 | |
| SGI IRIX | =6.5.8 | |
| SGI IRIX | =6.5.9 | |
| SGI IRIX | =6.5.10 | |
| SGI IRIX | =6.5.11 | |
| SGI IRIX | =6.5.12 | |
| SGI IRIX | =6.5.13 | |
| SGI IRIX | =6.5.14 | |
| SGI IRIX | =6.5.15 | |
| SGI IRIX | =6.5.16 | |
| SCO Open UNIX | =8.0 | |
| HP Tru64 UNIX | =4.0f | |
| HP Tru64 UNIX | =4.0g | |
| HP Tru64 UNIX | =5.0a | |
| HP Tru64 UNIX | =5.1 | |
| HP Tru64 UNIX | =5.1a | |
| HPE HP-UX | =10.10 | |
| HPE HP-UX | =10.20 | |
| HPE HP-UX | =10.24 | |
| HPE HP-UX | =11.00 | |
| HPE HP-UX | =11.11 | |
| IBM AIX | =4.3.3 | |
| IBM AIX | =5.1 | |
| Oracle Solaris SPARC | =2.6 | |
| Oracle Solaris SPARC | =9.0 | |
| Sun SunOS | =5.5.1 | |
| Sun SunOS | =5.7 | |
| Sun SunOS | =5.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cert.org/advisories/CA-2002-20.html
- http://www.kb.cert.org/vuls/id/299816
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199
- http://www.iss.net/security_center/static/9527.php
- http://www.securityfocus.com/bid/5083
- http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
- http://marc.info/?l=bugtraq&m=102635906423617&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A80
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2770
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A175
Frequently Asked Questions
What is the vulnerability CVE-2002-0678?
CVE-2002-0678 allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the CDE ToolTalk database server (ttdbserver).
What are the affected software versions of CVE-2002-0678?
CVE-2002-0678 affects various versions of SGI IRIX, Xinuos UnixWare, HPE HP-UX, Sun SunOS, Compaq Tru64, and IBM AIX.
What are common mitigation strategies for CVE-2002-0678?
To mitigate CVE-2002-0678, it is recommended to restrict local user access and implement proper file permission controls to prevent symlink attacks.
How do I check if my system is vulnerable to CVE-2002-0678?
You can check for CVE-2002-0678 vulnerability by verifying if your system is running an affected version of the CDE ToolTalk database server.
What is the impact of exploiting CVE-2002-0678?
Exploiting CVE-2002-0678 can allow attackers to overwrite critical files, potentially compromising system integrity and availability.
- agent/references
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/caldera
- canonical/xinuos unixware
- version/xinuos unixware/7.0
- version/xinuos unixware/7.1.0
- version/xinuos unixware/7.1.1
- vendor/xi graphics
- canonical/xi graphics dextop
- version/xi graphics dextop/2.1
- vendor/sgi
- canonical/sgi irix
- version/sgi irix/5.2
- version/sgi irix/5.3
- version/sgi irix/6.0
- version/sgi irix/6.0.1
- version/sgi irix/6.1
- version/sgi irix/6.2
- version/sgi irix/6.3
- version/sgi irix/6.4
- version/sgi irix/6.5
- version/sgi irix/6.5.1
- version/sgi irix/6.5.2
- version/sgi irix/6.5.3
- version/sgi irix/6.5.4
- version/sgi irix/6.5.5
- version/sgi irix/6.5.6
- version/sgi irix/6.5.7
- version/sgi irix/6.5.8
- version/sgi irix/6.5.9
- version/sgi irix/6.5.10
- version/sgi irix/6.5.11
- version/sgi irix/6.5.12
- version/sgi irix/6.5.13
- version/sgi irix/6.5.14
- version/sgi irix/6.5.15
- version/sgi irix/6.5.16
- canonical/sco open unix
- version/sco open unix/8.0
- vendor/compaq
- canonical/hp tru64 unix
- version/hp tru64 unix/4.0f
- version/hp tru64 unix/4.0g
- version/hp tru64 unix/5.0a
- version/hp tru64 unix/5.1
- version/hp tru64 unix/5.1a
- vendor/hp
- canonical/hpe hp-ux
- version/hpe hp-ux/10.10
- version/hpe hp-ux/10.20
- version/hpe hp-ux/10.24
- version/hpe hp-ux/11.00
- version/hpe hp-ux/11.11
- vendor/ibm
- canonical/ibm aix
- version/ibm aix/4.3.3
- version/ibm aix/5.1
- vendor/sun
- canonical/oracle solaris sparc
- version/oracle solaris sparc/2.6
- version/oracle solaris sparc/9.0
- canonical/sun sunos
- version/sun sunos/5.5.1
- version/sun sunos/5.7
- version/sun sunos/5.8