Vulnerabilities > CVE-1999-1434 - Unspecified vulnerability in Slackware Linux

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

slackware

exploit available

NVD

Published: 1998-07-13

Updated: 2016-10-18

Summary

login in Slackware Linux 3.2 through 3.5 does not properly check for an error when the /etc/group file is missing, which prevents it from dropping privileges, causing it to assign root privileges to any local user who logs on to the server.

Vulnerable Configurations

Part	Description	Count
OS	Slackware Slackware Slackware Linux 3.1 Slackware Slackware Linux 3.2 Slackware Slackware Linux 3.3 Slackware Slackware Linux 3.4 Slackware Slackware Linux 3.5	5

Exploit-Db

description	Slackware Linux <= 3.5 /etc/group missing results in Root access Vulnerability. CVE-1999-1434. Local exploit for linux platform
id	EDB-ID:19122
last seen	2016-02-02
modified	1998-07-13
published	1998-07-13
reporter	Richard Thomas
source	https://www.exploit-db.com/download/19122/
title	Slackware Linux <= 3.5 /etc/group missing results in Root access Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References