Vulnerability Report

CVE-1999-0828

Title: pkg tools allow reading arbitrary files via dacread permission

Arbitrary File Access

Proof Of Concept

PoC Available for CVE-1999-0828

CWE Category NVD-CWE-noinfo

Published Date Dec 02, 1999

Modified Date Apr 16, 2026

Exploit Status Available

Score 3.6 CVSS v2.0

Exploit Probability (EPSS)

0.35%

Vulnerability Summary

CVE-1999-0828: UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission.

Impacted Vendors

caldera 1

sco 1

novell 1

Reference Links

http://www.securityfocus.com/bid/853 http://www.securityfocus.com/bid/853

CVSS v2.0

Source Entity [email protected]

Severity LOW

3.6

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:L/AC:L/Au:N/C:P/I:P/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-1999-0828 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/19658

View Code

Exploit-DB https://www.exploit-db.com/exploits/19660

View Code

Exploit-DB https://www.exploit-db.com/exploits/19661

View Code

April 16, 2026 MODIFIED

Vulnerability data updated via NVD.

April 03, 2025 MODIFIED

Vulnerability data or affected products updated.

December 02, 1999 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:L/AC:L/Au:N/C:P/I:P/A:N

Affected Stack

No specific products linked.