Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating systems, allows local users to gain privileges via a symlink attack on /var/dt/Xerrors since /var/dt is world-writable.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
UnixWare CDE DTLogin Log目录不安全权限漏洞
Vulnerability Description
Unixware是一款Caldera维护的商用UNIX操作系统,其中dtlogin工具允许用户远程或者本地登陆到CDE会话,dtlogin把错误日志记录到/var/dt/Xerrors文件中。 UnixWare 7.1默认安装下对错误日志目录权限设置存在漏洞,可以导致本地攻击者进行符号连接攻击。 UnixWare 7.1默认把CDE错误日志目录安装在/var/dt,并设置777的目录权限,本地攻击者可以利用符号连接把日志文件连接到任意系统文件,当错误并记录时,导致错误信息记录到被连接的任意系统文件,可以导
CVSS Information
N/A
Vulnerability Type
N/A