Vulnerability Description
rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.
CVSS Score
6.2
MEDIUM
AV:L/AC:H/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Next | Next | 2.0 |
| Sgi | Irix | 3.3 |
| Cray | Unicos | 6.0 |
| Sun | Sunos | 4.0.3 |
References
- http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html
- http://www.cert.org/advisories/CA-91.20.rdist.vulnerabilityPatchThird Party AdvisoryUS Government Resource
- http://www.iss.net/security_center/static/7160.php
- http://www.osvdb.org/8106
- http://www.securityfocus.com/bid/31PatchVendor Advisory
- http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html
- http://www.cert.org/advisories/CA-91.20.rdist.vulnerabilityPatchThird Party AdvisoryUS Government Resource
- http://www.iss.net/security_center/static/7160.php
- http://www.osvdb.org/8106
- http://www.securityfocus.com/bid/31PatchVendor Advisory
FAQ
What is CVE-1999-1468?
CVE-1999-1468 is a vulnerability with a CVSS score of 6.2 (MEDIUM). rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.
How severe is CVE-1999-1468?
CVE-1999-1468 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1468?
Check the references section above for vendor advisories and patch information. Affected products include: Next Next, Sgi Irix, Cray Unicos, Sun Sunos.