CVE Database As of 11-22-2019

CVE-1999-0059

Impact by CVSS Score
  • ID: CVE-1999-0059
Summary:

IRIX fam service allows an attacker to obtain a list of all files on the server.

Exploitability Analysis: Network

A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed “remotely exploitable”. An example of a network attack is an RPC buffer overflow.

Exploitability Complexity: Medium

The access conditions are somewhat specialized; the following are examples: The attacking party is limited to a group of systems or users at some level of authorization, possibly untrusted. Some information must be gathered before a successful attack can be launched. The affected configuration is non-default, and is not commonly configured (e.g., a vulnerability present when a server performs user account authentication via a specific scheme, but not present for another authentication scheme). The attack requires a small amount of social engineering that might occasionally fool cautious users (e.g., phishing attacks that modify a web browser’s status bar to show a false link, having to be on someone’s “buddy” list before sending an IM exploit).

Authentication: None

Authentication is not required to access and exploit the vulnerability.

Confidentiality Impact: Complete

There is total information disclosure, resulting in all system files being revealed. The attacker is able to read all of the system's data (memory, files, etc.).

Integrity Impact: None

There is no impact to the integrity of the system.

Availability Impact: None

There is no impact to the availability of the system.

Products Affected

cpe:/o:sgi:irix:5.3

cpe:/o:sgi:irix:6.1

cpe:/o:sgi:irix:6.2

cpe:/o:sgi:irix:6.3


Search
Impact
High
CVSS Score
7.1
Created
1997-07-14 00:00:00
Modified
2018-05-02 21:29:01

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be