Vulnerability Name:
CVE-1999-0048 (CCN-413)
Assigned:
1996-06-01
Published:
1996-06-01
Updated:
2008-09-09
Summary:
Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.
CVSS v3 Severity:
10.0 Critical
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Changed
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
CVSS v2 Severity:
10.0 High
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
10.0 High
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Gain Privileges
References:
Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-96:21
unauthorized access via buffer overrun in talkd
Source: MITRE
Type: CNA
CVE-1999-0048
Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX9704-061
Security Vulnerability in talkd
Source: SUN
Type: UNKNOWN
00147
Source: CCN
Type: CERT Advisory CA-1997-04
talkd Vulnerability
Source: CCN
Type: BID-210
Multiple Vendor talkd(8) Vulnerability
Source: XF
Type: UNKNOWN
netkit-talkd(413)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:debian:netkit:0.07:*:*:*:*:*:*:*
Configuration 2
:
cpe:/o:ibm:aix:3.1:*:*:*:*:*:*:*
OR
cpe:/o:ibm:aix:4.1:*:*:*:*:*:*:*
OR
cpe:/o:ibm:aix:4.2:*:*:*:*:*:*:*
OR
cpe:/o:nec:asl_ux_4800:*:*:*:*:*:*:*:*
OR
cpe:/o:nec:ews-ux_v:*:*:*:*:*:*:*:*
OR
cpe:/o:nec:up-ux_v:*:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:10.10:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
OR
cpe:/o:freebsd:freebsd:2.1.7.1:*:*:*:*:*:*:*
OR
cpe:/o:freebsd:freebsd:2.1.5:*:*:*:*:*:*:*
OR
cpe:/o:freebsd:freebsd:2.1.6:*:*:*:*:*:*:*
OR
cpe:/o:freebsd:freebsd:2.1.7:*:*:*:*:*:*:*
OR
cpe:/o:freebsd:freebsd:2.1.6.1:*:*:*:*:*:*:*
Denotes that component is vulnerable
Vulnerability Name:
CVE-1999-0048 (CCN-453)
Assigned:
1997-01-01
Published:
1997-01-01
Updated:
1997-01-01
Summary:
Talkd could allow a remote attacker to execute arbitrary commands on the system to gain root privileges.
CVSS v3 Severity:
10.0 Critical
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Changed
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
CVSS v2 Severity:
10.0 High
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
10.0 High
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
Vulnerability Consequences:
Gain Access
References:
Source: CCN
Type: AusCERT Advisory AA-97.01
talkd Buffer Overrun Vulnerability
Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-96:21
unauthorized access via buffer overrun in talkd
Source: CCN
Type: SGI Security Advisory 19970701-01-PX
talkd Vulnerability
Source: MITRE
Type: CNA
CVE-1999-0048
Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX9704-061
Security Vulnerability in talkd for HP-UX 10.10 & 10.20 only
Source: CCN
Type: Sun Microsystems, Inc. Security Bulletin #00147
Vulnerability in talkd
Source: CCN
Type: CERT Advisory CA-1997-04
talkd Vulnerability
Source: CCN
Type: BID-210
Multiple Vendor talkd(8) Vulnerability
Source: XF
Type: UNKNOWN
talkd-bo(453)
Vulnerable Configuration:
Configuration CCN 1
:
cpe:/o:nec:ews-ux_v:*:*:*:*:*:*:*:*
OR
cpe:/o:nec:up-ux_v:*:*:*:*:*:*:*:*
OR
cpe:/o:nec:asl_ux_4800:*:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
OR
cpe:/o:sun:sunos:4.1.4:*:*:*:*:*:*:*
OR
cpe:/o:sun:sunos:4.1.3u1:*:*:*:*:*:*:*
AND
cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*
OR
cpe:/o:ibm:aix:3.2:*:*:*:*:*:*:*
OR
cpe:/o:ibm:aix:4.1:*:*:*:*:*:*:*
OR
cpe:/o:ibm:aix:4.2:*:*:*:*:*:*:*
OR
cpe:/o:windriver:bsdos:2.1:*:*:*:*:*:*:*
OR
cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:5.2:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:5.3:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.0.1:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.1:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.2:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.3:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.4:*:*:*:*:*:*:*
OR
cpe:/o:sun:sunos:5.3:*:*:*:*:*:*:*
OR
cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:10.10:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.0:*:*:*:*:*:*:*
OR
cpe:/o:sun:solaris:2.5:*:x86:*:*:*:*:*
OR
cpe:/o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
OR
cpe:/o:sun:solaris:2.4:*:x86:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0.5:*:*:*:*:*:*:*
OR
cpe:/o:sun:sunos:4.1.1:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0.1:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0.1t:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0.2:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0.3:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0.4:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0.4b:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0.4t:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0.5_iop:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0.5a:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0.5b:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0.5d:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0.5e:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0.5f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0.5g:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0.5h:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:5.0.1:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:5.1:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:5.1.1:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:5.3:*:xfs:*:*:*:*:*
OR
cpe:/o:sgi:irix:5.0:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:3.2:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:3.3:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:3.3.1:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:3.3.2:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:3.3.3:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:4.0.5_ipr:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
debian
netkit 0.07
ibm
aix 3.1
ibm
aix 4.1
ibm
aix 4.2
nec
asl ux 4800 *
nec
ews-ux v *
nec
up-ux v *
freebsd
freebsd 2.1.0
hp
hp-ux 10.10
hp
hp-ux 10.20
freebsd
freebsd 2.1.7.1
freebsd
freebsd 2.1.5
freebsd
freebsd 2.1.6
freebsd
freebsd 2.1.7
freebsd
freebsd 2.1.6.1
nec
ews-ux v *
nec
up-ux v *
nec
asl ux 4800 *
hp
hp-ux 10.20
sun
sunos 4.1.4
sun
sunos 4.1.3u1
linux
linux kernel *
ibm
aix 3.2
ibm
aix 4.1
ibm
aix 4.2
windriver
bsdos 2.1
freebsd
freebsd *
sgi
irix 5.2
sgi
irix 5.3
sgi
irix 6.0.1
sgi
irix 6.1
sgi
irix 6.2
sgi
irix 6.3
sgi
irix 6.4
sun
solaris 2.3
sun
solaris 2.5.1
hp
hp-ux 10.10
sgi
irix 6.0
sun
solaris 2.5
sun
solaris 2.5.1
sun
solaris 2.4
sgi
irix 4.0.5
sun
solaris 1.0
sgi
irix 4.0.1
sgi
irix 4.0.1t
sgi
irix 4.0.2
sgi
irix 4.0.3
sgi
irix 4.0.4
sgi
irix 4.0.4b
sgi
irix 4.0.4t
sgi
irix 4.0.5_iop
sgi
irix 4.0.5a
sgi
irix 4.0.5b
sgi
irix 4.0.5d
sgi
irix 4.0.5e
sgi
irix 4.0.5f
sgi
irix 4.0.5g
sgi
irix 4.0.5h
sgi
irix 5.0.1
sgi
irix 5.1
sgi
irix 5.1.1
sgi
irix 5.3
sgi
irix 5.0
sgi
irix 3.2
sgi
irix 3.3
sgi
irix 3.3.1
sgi
irix 3.3.2
sgi
irix 3.3.3
sgi
irix 4.0
sgi
irix 4.0.5_ipr
Denotes that component is vulnerable