CVE-1999-1491 - abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which al

CVE-1999-1491

Summary

abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program.

References

http://marc.info/?l=bugtraq&m=87602167418994&w=2
http://www.securityfocus.com/bid/354

Vulnerable Configurations

cpe:2.3:o:redhat:linux:2.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:2.1:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 18-10-2016 - 02:04)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	354
bugtraq	19960202 abuse Red Hat 2.1 security hole

Last major update

18-10-2016 - 02:04

Published

02-02-1996 - 05:00

Last modified

18-10-2016 - 02:04