Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1409

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-1999-1409
Last Modified 10 Sep 2008 03:01:53
Published 03 Jul 1998 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-1999-1409

Summary

The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.

Vulnerable Systems

Operating System

  • Netbsd 1.0

  • Netbsd 1.1

  • Netbsd 1.2

  • Netbsd 1.2.1

  • Netbsd 1.3

  • Netbsd 1.3.1

  • Netbsd 1.3.2

  • Sgi Irix 6.2

  • Sgi Irix 6.4

  • Sgi Irix 6.5

  • Sgi Irix 6.5.1


References

BUGTRAQ - 19980703 more about 'at'

BID - 331

XF - at-f-read-files(7577)

BUGTRAQ - 19980805 irix-6.2 "at -f" vulnerability

NETBSD - NetBSD-SA1998-004


Last Updated: 27 May 2016 10:35:24