CVE-1999-1138

SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.

Published: Sep 17, 1993
Updated: Apr 13, 2023
CVE: CVE-1999-1138
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
sco / unix	system_v386_3.2_operating_system_2.0	system_v386_3.2_operating_system_2.0.x
sco / open_desktop	3.0	3.0.x
sco / unix	system_v386_3.2_operating_system_4.0	system_v386_3.2_operating_system_4.0.x
sco / open_desktop	2.0	2.0.x
sco / openserver	3.0	3.0.x
sco / unix	system_v386_3.2_operating_system	system_v386_3.2_operating_system.x
sco / open_desktop_lite	3.0	3.0.x
sco / open_desktop	1.0	1.0.x
sco / unix	system_v386_3.2_operating_system_4.x	system_v386_3.2_operating_system_4.x.x

http://www.cert.org/advisories/CA-1993-13.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/546

Vulnerability Database

289,599

CVE-1999-1138