Vulnerability Description
The default configuration of Slackware 3.4, and possibly other versions, includes . (dot, the current directory) in the PATH environmental variable, which could allow local users to create Trojan horse programs that are inadvertently executed by other users.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Slackware | Slackware Linux | 2.0.35 |
References
- http://marc.info/?l=bugtraq&m=91540043023167&w=2
- http://www.securityfocus.com/bid/211
- http://marc.info/?l=bugtraq&m=91540043023167&w=2
- http://www.securityfocus.com/bid/211
FAQ
What is CVE-1999-1422?
CVE-1999-1422 is a vulnerability with a CVSS score of 7.2 (HIGH). The default configuration of Slackware 3.4, and possibly other versions, includes . (dot, the current directory) in the PATH environmental variable, which could allow local users to create Trojan hors...
How severe is CVE-1999-1422?
CVE-1999-1422 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1422?
Check the references section above for vendor advisories and patch information. Affected products include: Slackware Slackware Linux.