Vulnerability Description
The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sgi | Irix | 6.2 |
| Netbsd | Netbsd | <= 1.3.2 |
References
- ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA1998-004.txt.asc
- http://marc.info/?l=bugtraq&m=90233906612929&w=2
- http://www.iss.net/security_center/static/7577.php
- http://www.securityfocus.com/bid/331ExploitPatchVendor Advisory
- http://www.shmoo.com/mail/bugtraq/jul98/msg00064.htmlPatchVendor Advisory
- ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA1998-004.txt.asc
- http://marc.info/?l=bugtraq&m=90233906612929&w=2
- http://www.iss.net/security_center/static/7577.php
- http://www.securityfocus.com/bid/331ExploitPatchVendor Advisory
- http://www.shmoo.com/mail/bugtraq/jul98/msg00064.htmlPatchVendor Advisory
FAQ
What is CVE-1999-1409?
CVE-1999-1409 is a vulnerability with a CVSS score of 2.1 (LOW). The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at...
How severe is CVE-1999-1409?
CVE-1999-1409 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1409?
Check the references section above for vendor advisories and patch information. Affected products include: Sgi Irix, Netbsd Netbsd.