Vulnerabilities > CVE-1999-1422 - Unspecified vulnerability in Slackware Linux 2.0.35/3.4

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

slackware

NVD

Published: 1999-01-02

Updated: 2016-10-18

Summary

The default configuration of Slackware 3.4, and possibly other versions, includes . (dot, the current directory) in the PATH environmental variable, which could allow local users to create Trojan horse programs that are inadvertently executed by other users.

Vulnerable Configurations

Part	Description	Count
OS	Slackware Slackware Slackware Linux 2.0.35 Slackware Slackware Linux 3.4	2

References

http://marc.info/?l=bugtraq&m=91540043023167&w=2
http://www.securityfocus.com/bid/211