CVE Database As of 11-22-2019

CVE-1999-0022

Impact by CVSS Score
  • ID: CVE-1999-0022
Summary:

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

Exploitability Analysis: Local

A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account. Examples of locally exploitable vulnerabilities are peripheral attacks such as Firewire/USB DMA attacks, and local privilege escalations (e.g., sudo).

Exploitability Complexity: Low

Specialized access conditions or extenuating circumstances do not exist. The following are examples: The affected product typically requires access to a wide range of systems and users, possibly anonymous and untrusted (e.g., Internet-facing web or mail server). The affected configuration is default or ubiquitous. The attack can be performed manually and requires little skill or additional information gathering. The 'race condition' is a lazy one (i.e., it is technically a race but easily winnable).

Authentication: None

Authentication is not required to access and exploit the vulnerability.

Confidentiality Impact: Complete

There is total information disclosure, resulting in all system files being revealed. The attacker is able to read all of the system's data (memory, files, etc.).

Integrity Impact: Complete

There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised. The attacker is able to modify any files on the target system.

Availability Impact: Complete

There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.

Products Affected

cpe:/o:bsdi:bsd_os:1.1

cpe:/o:freebsd:freebsd:2.0

cpe:/o:freebsd:freebsd:2.0.5

cpe:/o:freebsd:freebsd:2.1.0

cpe:/o:hp:hp-ux:10.00

cpe:/o:ibm:aix:3.1

cpe:/o:ibm:aix:3.2

cpe:/o:ibm:aix:3.2.4

cpe:/o:ibm:aix:3.2.5

cpe:/o:ibm:aix:4.1

cpe:/o:ibm:aix:4.1.1

cpe:/o:ibm:aix:4.1.2

cpe:/o:ibm:aix:4.1.3

cpe:/o:ibm:aix:4.1.4

cpe:/o:ibm:aix:4.1.5

cpe:/o:ibm:aix:4.2

cpe:/o:sgi:irix:5.0

cpe:/o:sgi:irix:5.0.1

cpe:/o:sgi:irix:5.1

cpe:/o:sgi:irix:5.1.1

cpe:/o:sgi:irix:5.2

cpe:/o:sgi:irix:5.3

cpe:/o:sgi:irix:5.3::xfs

cpe:/o:sgi:irix:6.0

cpe:/o:sgi:irix:6.0.1

cpe:/o:sgi:irix:6.0.1::xfs

cpe:/o:sgi:irix:6.1

cpe:/o:sgi:irix:6.2

cpe:/o:sgi:irix:6.3

cpe:/o:sgi:irix:6.4

cpe:/o:sun:solaris:4.1.3

cpe:/o:sun:sunos:4.1.1

cpe:/o:sun:sunos:4.1.2

cpe:/o:sun:sunos:4.1.3u1

cpe:/o:sun:sunos:5.0

cpe:/o:sun:sunos:5.1

cpe:/o:sun:sunos:5.2

cpe:/o:sun:sunos:5.3

cpe:/o:sun:sunos:5.4


Impact: High

CVSS Score: 7.2

Created: 1996-07-03 00:00:00

Modified: 2018-10-30 12:26:22
