Vulnerability Description
login in Slackware Linux 3.2 through 3.5 does not properly check for an error when the /etc/group file is missing, which prevents it from dropping privileges, causing it to assign root privileges to any local user who logs on to the server.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Slackware | Slackware Linux | 3.1 |
References
- http://marc.info/?l=bugtraq&m=90221104525951&w=2
- http://www.securityfocus.com/bid/155
- http://marc.info/?l=bugtraq&m=90221104525951&w=2
- http://www.securityfocus.com/bid/155
FAQ
What is CVE-1999-1434?
CVE-1999-1434 is a vulnerability with a CVSS score of 7.2 (HIGH). login in Slackware Linux 3.2 through 3.5 does not properly check for an error when the /etc/group file is missing, which prevents it from dropping privileges, causing it to assign root privileges to a...
How severe is CVE-1999-1434?
CVE-1999-1434 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1434?
Check the references section above for vendor advisories and patch information. Affected products include: Slackware Slackware Linux.