CVE-2002-1199
Title: ypxfrd getdbm procedure directory traversal/symlink attack
Information disclosure / arbitrary file read
Proof Of Concept
No public PoC currently indexed for CVE-2002-1199.
CWE Category
NVD-CWE-noinfo
Published Date
Oct 28, 2002
Modified Date
Apr 03, 2025
Exploit Status
Not Found
Score
5.0
CVSS v2.0
Exploit Probability (EPSS)
8.38%
Vulnerability Summary
CVE-2002-1199: The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
Impacted Vendors
Reference Links
ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.40
http://marc.info/?l=bugtraq&m=103426842025029&w=2
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47903
http://www.iss.net/security_center/static/10329.php
http://www.kb.cert.org/vuls/id/538033
http://www.securityfocus.com/bid/5937
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2423
ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.40
http://marc.info/?l=bugtraq&m=103426842025029&w=2
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47903
http://www.iss.net/security_center/static/10329.php
http://www.kb.cert.org/vuls/id/538033
http://www.securityfocus.com/bid/5937
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2423
CVSS v2.0
Source Entity
[email protected]
Severity
MEDIUM
5.0
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:N/AC:L/Au:N/C:P/I:N/A:N
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2002-1199 Exploits & PoCs (Proof Of Concept)
No public PoCs found in our database for this CVE.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
N/A
Complexity
N/A
Privileges
N/A
Interaction
NONE
CVSS Vector String
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Stack
No specific products linked.