| Vulnerability Name: | CCN-3232 | ||||||
| Published: | 1999-09-14 | ||||||
| Updated: | 1999-09-14 | ||||||
| Summary: | The Automounter daemon (amd) on some systems allows a remote user to query the service for its current process ID (PID). By obtaining the PID of other processes, an attacker can determine the randomness of the PIDs used on the system. Predictable PIDs can be useful to an attacker for some kinds of attacks. PID information should not be provided to untrusted users. | ||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||
| CVSS v2 Severity: | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||
| Vulnerability Consequences: | Obtain Information | ||||||
| References: | Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-1999-024.0 buffer overflow in amd Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-99:06 remote amd attack Source: CCN Type: RHSA-1999:032-01 Buffer overrun in amd Source: CCN Type: BSDI Internet Super Server 4.0.1 Mods (patches) BSDI Mod M401-017 Source: CCN Type: CERT Advisory CA-1999-12 Buffer Overflow in amd Source: CCN Type: CIAC Information Bulletin J-071 Buffer Overflow Vulnerability in amd Source: DEBIAN Type: Debian Security Advisory 19991018a amd: Buffer overflow in amd -- update Source: XF Type: UNKNOWN amd-pid(3232) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||