CVE-1999-1102 — LOW (2.1) — White Hats Nepal

Q: How severe is CVE-1999-1102?

CVE-1999-1102 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-1999-1102?

Check the references section above for vendor advisories and patch information. Affected products include: Sgi Irix, Apple A Ux, Bsd Bsd, Sun Sunos.

Vulnerability Description

lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.

CVSS Score

2.1

LOW

AV:L/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Sgi	Irix	<= 5.2
Apple	A Ux	2.0.1
Bsd	Bsd	4.3
Sun	Sunos	<= 4.1.1

References

http://ciac.llnl.gov/ciac/bulletins/e-25.shtmlPatchVendor Advisory
http://www.aenigma.net/resources/maillist/bugtraq/1994/0091.htm
http://www.phreak.org/archives/security/8lgm/8lgm.lprExploitVendor Advisory
http://ciac.llnl.gov/ciac/bulletins/e-25.shtmlPatchVendor Advisory
http://www.aenigma.net/resources/maillist/bugtraq/1994/0091.htm
http://www.phreak.org/archives/security/8lgm/8lgm.lprExploitVendor Advisory

FAQ

What is CVE-1999-1102?

CVE-1999-1102 is a vulnerability with a CVSS score of 2.1 (LOW). lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 ...

How severe is CVE-1999-1102?

CVE-1999-1102 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-1999-1102?

Check the references section above for vendor advisories and patch information. Affected products include: Sgi Irix, Apple A Ux, Bsd Bsd, Sun Sunos.