Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1468

Overview

Vulnerability Score 6.2 6.2
CVE Id CVE-1999-1468
Last Modified 10 Sep 2008 03:01:59
Published 22 Oct 1991 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-1999-1468

Summary

rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.

Vulnerable Systems

Operating System

  • Cray Unicos 6.0

  • Cray Unicos 6.0e

  • Cray Unicos 6.1

  • Sgi Irix 3.3

  • Sgi Irix 3.3.1

  • Sgi Irix 3.3.2

  • Sgi Irix 3.3.3

  • Sgi Irix 4.0

  • Sunos 4.0.3

  • Sunos 4.0.3c

  • Sunos 4.1

  • Sunos 4.1.1

  • Sunos 4.1psr A

Application

  • Next 2.0

  • Next 2.1


References

CERT - CA-91.20

BID - 31

MISC - http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html

OSVDB - 8106

XF - rdist-popen-gain-privileges(7160)


Last Updated: 27 May 2016 10:35:26