Vulnerability Name:

CVE-1999-0674 (CCN-3121)

Assigned:1999-08-08
Published:1999-08-08
Updated:2018-10-30
Summary:The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-99:02
Profiling Across Exec Calls

Source: MITRE
Type: CNA
CVE-1999-0674

Source: CCN
Type: BugTraq Mailing List, 1999-08-09 11:18:36
profil(2) bug, a simple test program

Source: CCN
Type: NetBSD Security Advisory 1999-011
profil(2) can modify setuid root programs

Source: CCN
Type: CIAC Information Bulletin J-067
Profiling Across FreeBSD Exec Calls

Source: CIAC
Type: UNKNOWN
J-067

Source: CCN
Type: OpenBSD Security Advisory, August 9, 1999
Stop profiling (see profil(2)) when we execve() a new process

Source: CCN
Type: OSVDB ID: 1033
Multiple BSD profil(2) System Call Local Privilege Escalation

Source: BID
Type: Exploit, Patch, Vendor Advisory
570

Source: CCN
Type: BID-570
Multiple Vendor profil(2) Vulnerability

Source: XF
Type: UNKNOWN
netbsd-profil(3121)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:netbsd:netbsd:1.0:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.1:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.2:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.3:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.4:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.3:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.4:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.5:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.4:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.5:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:7.0:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:sunos:-:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.4:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:*:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.3:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.4:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.5:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:3.2:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.1.7.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.1.6:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.1.7:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.1.6.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.2.8:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    netbsd netbsd 1.0
    netbsd netbsd 1.1
    netbsd netbsd 1.2
    netbsd netbsd 1.2.1
    netbsd netbsd 1.3
    netbsd netbsd 1.3.1
    netbsd netbsd 1.3.2
    netbsd netbsd 1.3.3
    netbsd netbsd 1.4
    openbsd openbsd 2.0
    openbsd openbsd 2.1
    openbsd openbsd 2.2
    openbsd openbsd 2.3
    openbsd openbsd 2.4
    openbsd openbsd 2.5
    sun solaris 2.4
    sun solaris 2.5
    sun solaris 2.6
    sun solaris 7.0
    sun sunos -
    sun sunos 5.1
    sun sunos 5.2
    sun sunos 5.3
    sun sunos 5.4
    sun sunos 5.5
    sun sunos 5.5.1
    sun sunos 5.7
    freebsd freebsd 2.1.0
    freebsd freebsd 2.2
    openbsd openbsd 2.1
    freebsd freebsd 3.0
    netbsd netbsd *
    openbsd openbsd 2.2
    openbsd openbsd 2.3
    openbsd openbsd 2.4
    openbsd openbsd 2.0
    openbsd openbsd 2.5
    freebsd freebsd 3.1
    freebsd freebsd 3.2
    freebsd freebsd 2.1.7.1
    freebsd freebsd 2.1.5
    freebsd freebsd 2.1.6
    freebsd freebsd 2.1.7
    freebsd freebsd 2.1.6.1
    freebsd freebsd 2.2.1
    freebsd freebsd 2.2.2
    freebsd freebsd 2.2.3
    freebsd freebsd 2.2.4
    freebsd freebsd 2.2.5
    freebsd freebsd 2.2.6
    freebsd freebsd 2.2.7
    freebsd freebsd 2.2.8