Lucene search

[email protected]CVE-1999-1095

HistoryOct 06, 1997 - 4:00 a.m.

CVE-1999-1095

1997-10-0604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-1999-1095

security vulnerability

temporary files

symbolic links

user modifications

writable files

updatedb

nvd

7.2 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort.

CPENameOperatorVersion
redhat:linuxredhat linuxeq4.1
slackware:slackware_linuxslackware slackware linuxeq3.3

CPE	Name	Operator	Version
redhat:linux	redhat linux	eq	4.1
slackware:slackware_linux	slackware slackware linux	eq	3.3

References

marc.info/?l=bugtraq&m=87619953510834&w=2

marc.info/?l=bugtraq&m=88886870129518&w=2

marc.info/?l=bugtraq&m=88890116304676&w=2

7.2 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON