Vulnerability Description
sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.
CVSS Score
1.2
LOW
AV:L/AC:H/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Aix | 4.1 |
References
- http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info
- http://www-1.ibm.com/support/search.wss?rs=0&q=IX75554&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IX76330&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IX76853&apar=only
- http://www.securityfocus.com/bid/408PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7675
- http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info
- http://www-1.ibm.com/support/search.wss?rs=0&q=IX75554&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IX76330&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IX76853&apar=only
- http://www.securityfocus.com/bid/408PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7675
FAQ
What is CVE-1999-1486?
CVE-1999-1486 is a vulnerability with a CVSS score of 1.2 (LOW). sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.
How severe is CVE-1999-1486?
CVE-1999-1486 has been rated LOW with a CVSS base score of 1.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1486?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Aix.