ID CVE-1999-0048 Type cve Reporter NVD Modified 2008-09-09T08:33:37
Description
Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.
{"type": "cve", "scanner": [], "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 10.0}, "bulletinFamily": "NVD", "history": [], "description": "Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.", "published": "1997-01-27T00:00:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0048", "reporter": "NVD", "hash": "608ca5348761fce983eccef9f8e6351cd948dcbd9b7898ea3ba33524bb7d0c71", "title": "CVE-1999-0048", "objectVersion": "1.2", "references": ["http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/147"], "modified": "2008-09-09T08:33:37", "assessment": {"name": "", "href": "", "system": ""}, "edition": 1, "lastseen": "2016-09-03T02:08:00", "cpe": ["cpe:/o:ibm:aix:3.1", "cpe:/o:ibm:aix:4.2", "cpe:/o:nec:up-ux_v", "cpe:/a:debian:netkit:0.07", "cpe:/o:nec:ews-ux_v", "cpe:/o:ibm:aix:4.1", "cpe:/o:nec:asl_ux_4800"], "viewCount": 0, "cvelist": ["CVE-1999-0048"], "id": "CVE-1999-0048", "enchantments": {"vulnersScore": 10.0}}
{"result": {"osvdb": [{"id": "OSVDB:8203", "type": "osvdb", "title": "Multiple Vendor in.talkd Crafted DNS Response Remote Overflow", "description": "## Vulnerability Description\nA remote overflow exists in talkd. The talkd fails to check bounds on the buffer where the hostname is stored resulting in a stack space overflow. With a specially crafted DNS entry, an attacker can cause remote execution of arbitrary commands with root privileges resulting in a loss of integrity.\n## Solution Description\nUpgrade to an unaffected version (see external references for your system). It is also possible to correct the flaw by implementing the following workaround: Disable talkd.\n## Short Description\nA remote overflow exists in talkd. The talkd fails to check bounds on the buffer where the hostname is stored resulting in a stack space overflow. With a specially crafted DNS entry, an attacker can cause remote execution of arbitrary commands with root privileges resulting in a loss of integrity.\n## References:\n[Vendor Specific Advisory URL](http://www.securityfocus.com/advisories/1501)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/19970701-01-PX)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/147&type=0&nav=sec.sba)\n[Vendor Specific Advisory URL](ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:21.talkd.asc)\nOther Advisory URL: http://www.auscert.org.au/render.html?it=1875&cid=1\nISS X-Force ID: 453\n[CVE-1999-0048](https://vulners.com/cve/CVE-1999-0048)\nCERT: CA-1997-04\nBugtraq ID: 210\n", "published": "1997-01-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:8203", "cvelist": ["CVE-1999-0048"], "lastseen": "2017-04-28T13:20:03"}]}}
