CVE-1999-1095 - sort creates temporary files and follows symbolic links, which allows local users to modify arbitrar

CVE-1999-1095

Summary

sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort.

References

http://marc.info/?l=bugtraq&m=87619953510834&w=2
http://marc.info/?l=bugtraq&m=88886870129518&w=2
http://marc.info/?l=bugtraq&m=88890116304676&w=2

Vulnerable Configurations

cpe:2.3:o:redhat:linux:4.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:4.1:*:*:*:*:*:*:*
cpe:2.3:o:slackware:slackware_linux:3.3:*:*:*:*:*:*:*
cpe:2.3:o:slackware:slackware_linux:3.3:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 18-10-2016 - 02:01)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bugtraq

19971006 KSR[T] Advisory #3: updatedb / crontabs
19980302 overwrite any file with updatedb
19980303 updatedb stuff
19980303 updatedb: sort patch

Last major update

18-10-2016 - 02:01

Published

06-10-1997 - 04:00

Last modified

18-10-2016 - 02:01