| Vulnerability Name: | CVE-1999-1095 (CCN-7182) | ||||||||
| Assigned: | 1997-08-05 | ||||||||
| Published: | 1997-08-05 | ||||||||
| Updated: | 2016-10-18 | ||||||||
| Summary: | sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | File Manipulation | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Sun, 1 Mar 1998 22:44:11 -0500 overwrite any file with updatedb Source: CCN Type: BugTraq Mailing List, Mon, 2 Mar 1998 19:55:27 -0500 updatedb stuff Source: CCN Type: BugTraq Mailing List, Tue, 3 Mar 1998 00:43:51 -0700 updatedb: sort patch Source: MITRE Type: CNA CVE-1999-1095 Source: BUGTRAQ Type: UNKNOWN 19971006 KSR[T] Advisory #3: updatedb / crontabs Source: BUGTRAQ Type: UNKNOWN 19980302 overwrite any file with updatedb Source: BUGTRAQ Type: UNKNOWN 19980303 updatedb stuff Source: CCN Type: KSR[T] Security Advisory #003 updatedb / crontabs Source: CCN Type: OSVDB ID: 9894 sort /tmp Symlink Arbitrary File Modification Source: XF Type: UNKNOWN sort-tmp-file-symlink(7182) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||