PT-1999-1096 · Sco · Sco Openserver Enterprise System
Published
1999-03-07
·
Updated
2022-08-17
·
CVE-1999-0411
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
SCO OpenServer Enterprise System version 5.0.4p
Description
The issue concerns several startup scripts in the system, including S84rpcinit, S95nis, S85tcp, and S89nfs, which are susceptible to a symlink attack. This allows a local user to potentially gain root access.
Recommendations
For SCO OpenServer Enterprise System version 5.0.4p, consider restricting access to the vulnerable startup scripts until a patch is available. As a temporary workaround, disabling the execution of these scripts can help minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sco Openserver Enterprise System