New Search

ypxfrd File Disclosure Vulnerability

oval:org.mitre.oval:def:2423

The getdbm procedure in ypxfrd allows local users to read arbitrary files and remote attackers to read databases outside /var/yp via a directory traversal and symlink attack on the domain and map arguments.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Sun Solaris 7
Class:
vulnerability
Reference(s):
  • CVE-2002-1199
Product(s):
  • NIS