Vulnerabilities > CVE-1999-0433

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

xfree86-project

exploit available

NVD

Published: 1999-03-21

Updated: 2022-08-17

Summary

XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Xfree86_Project Xfree86 Project X11R6 3.3.3	1
OS	Slackware Slackware Slackware Linux 3.5 Slackware Slackware Linux 3.4 Slackware Slackware Linux 4.0 Slackware Slackware Linux 3.6 Slackware Slackware Linux 3.3	5
OS	Redhat Redhat Linux 5.1 Redhat Linux 5.2	2
OS	Netbsd Netbsd Netbsd 1.3.3 Netbsd Netbsd 1.3.2	2
OS	Suse Suse Suse Linux 5.2 Suse Suse Linux 6.0 Suse Suse Linux 6.1 Suse Suse Linux 5.1	4

Exploit-Db

description	X11R6 3.3.3 Symlink Vulnerability. CVE-1999-0433. Local exploit for linux platform
id	EDB-ID:19257
last seen	2016-02-02
modified	1999-03-21
published	1999-03-21
reporter	Stealthf0rk
source	https://www.exploit-db.com/download/19257/
title	X11R6 3.3.3 Symlink Vulnerability

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.