PT-1997-1205 · Digital · Digital Unix

Published 1997-11-12 · Updated 2017-12-19 · CVE-1999-1210

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Digital UNIX version 4.0B with patch kit 5

Description

The issue allows local users to overwrite arbitrary files via a symlink attack on a core dump file. This occurs when xterm is called with the DISPLAY environment variable set to a display that xterm cannot access.

Recommendations

For Digital UNIX version 4.0B with patch kit 5, consider restricting access to the DISPLAY environment variable to prevent unauthorized modifications. As a temporary workaround, avoid setting the DISPLAY variable to inaccessible displays when calling xterm until a more permanent solution is available.


Related Identifiers

CVE-1999-1210

Affected Products

Digital Unix