Lucene search

MitreCVE-1999-0433

HistorySep 29, 1999 - 4:00 a.m.

CVE-1999-0433

1999-09-2904:00:00

mitre

web.nvd.nist.gov

cve-1999-0433

xfree86

startx

symlink attack

denial of service

restricted directories

gain privileges

nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

High

EPSS

Percentile

9.7%

JSON

XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

Affected configurations

Nvd

Node

xfree86_projectx11r6Match3.3.3

Node

netbsdnetbsdMatch1.3.2

netbsdnetbsdMatch1.3.3

redhatlinuxMatch5.1

redhatlinuxMatch5.2i386

slackwareslackware_linuxMatch3.3

slackwareslackware_linuxMatch3.4

slackwareslackware_linuxMatch3.5

slackwareslackware_linuxMatch3.6

slackwareslackware_linuxMatch4.0

susesuse_linuxMatch5.1

susesuse_linuxMatch5.2

susesuse_linuxMatch6.0

susesuse_linuxMatch6.1

VendorProductVersionCPE
xfree86_projectx11r63.3.3cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*
netbsdnetbsd1.3.2cpe:2.3:o:netbsd:netbsd:1.3.2:*:*:*:*:*:*:*
netbsdnetbsd1.3.3cpe:2.3:o:netbsd:netbsd:1.3.3:*:*:*:*:*:*:*
redhatlinux5.1cpe:2.3:o:redhat:linux:5.1:*:*:*:*:*:*:*
redhatlinux5.2cpe:2.3:o:redhat:linux:5.2:*:i386:*:*:*:*:*
slackwareslackware_linux3.3cpe:2.3:o:slackware:slackware_linux:3.3:*:*:*:*:*:*:*
slackwareslackware_linux3.4cpe:2.3:o:slackware:slackware_linux:3.4:*:*:*:*:*:*:*
slackwareslackware_linux3.5cpe:2.3:o:slackware:slackware_linux:3.5:*:*:*:*:*:*:*
slackwareslackware_linux3.6cpe:2.3:o:slackware:slackware_linux:3.6:*:*:*:*:*:*:*
slackwareslackware_linux4.0cpe:2.3:o:slackware:slackware_linux:4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xfree86_project	x11r6	3.3.3	cpe:2.3:a:xfree86_project:x11r6:3.3.3:::::::*
netbsd	netbsd	1.3.2	cpe:2.3:o:netbsd:netbsd:1.3.2:::::::*
netbsd	netbsd	1.3.3	cpe:2.3:o:netbsd:netbsd:1.3.3:::::::*
redhat	linux	5.1	cpe:2.3:o:redhat:linux:5.1:::::::*
redhat	linux	5.2	cpe:2.3:o:redhat:linux:5.2::i386:::::
slackware	slackware_linux	3.3	cpe:2.3:o:slackware:slackware_linux:3.3:::::::*
slackware	slackware_linux	3.4	cpe:2.3:o:slackware:slackware_linux:3.4:::::::*
slackware	slackware_linux	3.5	cpe:2.3:o:slackware:slackware_linux:3.5:::::::*
slackware	slackware_linux	3.6	cpe:2.3:o:slackware:slackware_linux:3.6:::::::*
slackware	slackware_linux	4.0	cpe:2.3:o:slackware:slackware_linux:4.0:::::::*

Rows per page:

1-10 of 141

References

exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

High

EPSS

Percentile

9.7%

JSON

Related for CVE-1999-0433