Lucene search

[email protected]CVE-1999-1405

HistoryFeb 17, 1999 - 5:00 a.m.

CVE-1999-1405

1999-02-1705:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

aix

snap command

world-readable permissions

local users

password file

cve-1999-1405

7.4 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

63.9%

JSON

snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a.

CPENameOperatorVersion
ibm:aixibm aixeq4.2.1
ibm:aixibm aixeq3.2.5
ibm:aixibm aixeq4.1.4
ibm:aixibm aixeq4.2
ibm:aixibm aixeq4.1.5
ibm:aixibm aixeq4.1.2
ibm:aixibm aixeq4.1
ibm:aixibm aixeq4.1.3

CPE	Name	Operator	Version
ibm:aix	ibm aix	eq	4.2.1
ibm:aix	ibm aix	eq	3.2.5
ibm:aix	ibm aix	eq	4.1.4
ibm:aix	ibm aix	eq	4.2
ibm:aix	ibm aix	eq	4.1.5
ibm:aix	ibm aix	eq	4.1.2
ibm:aix	ibm aix	eq	4.1
ibm:aix	ibm aix	eq	4.1.3

References

marc.info/?l=bugtraq&m=91936783009385&w=2

marc.info/?l=bugtraq&m=91954824614013&w=2

www.securityfocus.com/bid/375

7.4 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

63.9%

JSON