Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1299

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-1999-1299
Last Modified 05 Sep 2008 04:19:11
Published 03 Feb 1997 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-1999-1299

Summary

rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of 65535 to overwrite arbitrary files, since 65535 is interpreted as -1 by chown and other system calls, which causes the calls to fail to modify the ownership of the file.

Vulnerable Systems

Operating System

  • Redhat Linux 4.0

  • Slackware Linux 3.1


References

BUGTRAQ - 19970203 Linux rcp bug


Last Updated: 27 May 2016 10:35:22