Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1405

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-1999-1405
Last Modified 05 Sep 2008 04:19:26
Published 17 Feb 1999 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-1999-1405

Summary

snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a.

Vulnerable Systems

Operating System

  • Ibm Aix 3.2.5

  • Ibm Aix 4.1

  • Ibm Aix 4.1.2

  • Ibm Aix 4.1.3

  • Ibm Aix 4.1.4

  • Ibm Aix 4.1.5

  • Ibm Aix 4.2

  • Ibm Aix 4.2.1


References

BID - 375

BUGTRAQ - 19990220 Re: snap utility for AIX.

BUGTRAQ - 19990217 snap utility for AIX.


Last Updated: 27 May 2016 10:35:24