What is CVE-1999-1138?

CVE-1999-1138 is a publicly disclosed cybersecurity vulnerability with a HIGH severity rating and CVSS score of 10.

How to search for CVE vulnerabilities?

You can search the 4nuxd CVE database using CVE IDs, vendor names, product names, or severity levels.

CVE-1999-1138

HIGH10.0/ 10.0

Published: September 17, 1993 at 04:00 AM

Modified: April 3, 2025 at 01:03 AM

Source: cve@mitre.org

Vulnerability Description

SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.

CVSS Metrics

Base Score

10.0

Severity

HIGH

Vector String

AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses (CWE)

NVD-CWE-Other

Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

SCO UNIX systems are vulnerable due to insecure default configurations that grant world-writable permissions to temporary directories used by specific user accounts. This allows unauthorized users to gain access to sensitive accounts and potentially compromise the entire system, leading to data breaches and system control loss.

02 // Vulnerability Mechanism

Step 1: Identify Target: Identify a SCO UNIX system running a vulnerable version.

Step 2: User Account Enumeration: Determine the existence of the dos and asg user accounts (or other accounts with home directories in world-writable locations).

Step 3: File Manipulation: Create or modify files within /tmp (for dos) or /usr/tmp (for asg). This could involve placing malicious .profile or .bashrc files to execute commands upon login.

Step 4: Account Access: Wait for the target user (e.g., dos or asg) to log in. The malicious code in the manipulated configuration files will execute.

Step 5: Privilege Escalation: The attacker now has access to the target user's account, potentially allowing further privilege escalation or data exfiltration.

03 // Deep Technical Analysis

The vulnerability stems from a flawed configuration during the installation of SCO UNIX System V/386 Release 3.2 and other SCO products. The installation process creates home directories for the dos and asg users within world-writable temporary directories (/tmp and /usr/tmp, respectively). This configuration error allows any user to create, modify, or delete files within these directories, effectively allowing them to manipulate the contents of the users' home directories. This is a classic privilege escalation vulnerability. The root cause is the failure to properly secure the temporary directories, leading to a weak access control configuration.