Vulnerabilities > CVE-1999-0138

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

NVD

Published: 1996-06-26

Updated: 2022-08-17

Summary

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

Vulnerable Configurations

Part	Description	Count
OS	Ibm IBM AIX 4 IBM AIX 3.2.5	2
OS	Linux Linux Linux Kernel 1.2.0 Linux Linux Kernel 2.0	2
OS	Nec NEC EWS UX V 4.2Mp NEC EWS UX V 4.2 NEC ASL UX 4800 * NEC UP UX V 4.2Mp	4
OS	Digital Digital OSF 1 1.3	1
OS	Freebsd Freebsd Freebsd 2.0.5 Freebsd Freebsd 2.1.0 Freebsd Freebsd 2.0	3
OS	Hp HP HP UX 8 HP HP UX 9 HP HP UX 10	3
OS	Apple Apple A UX 3.1.1	1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0138

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.