CVE-1999-0073
published 1995-10-13CVE-1999-0073: Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain…
PriorityP336critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
3.11%
86.2th percentile
Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| digital | osf_1 | — | — |
| digital | osf_1 | — | — |
| digital | osf_1 | — | — |
| digital | osf_1 | — | — |
| digital | osf_1 | — | — |
| digital | unix | — | — |
| digital | unix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
External Control of Critical State Data
mitre_cwe
CWE-642 External Control of Critical State Data
CWE-642: External Control of Critical State Data
The product stores security-critical state information about its users, or the product itself, in a location that is accessible to unauthorized actors.
If an attacker can modify the state information without detection, then it could be used to perform unauthorized actions or access unexpected resources, since the application programmer does not expect that the state can be changed. State information can be stored in various locations such as a cookie, in a hidden web form field, input parameter or argument, an environment variable, a database record, within a settings file, etc. All of these locations have the potential to be modified by an attacker. When this state information is used to control security or determine resource usage, then
CAPEC
Subverting Environment Variable Values
mitre_capec
[CRITICAL] Subverting Environment Variable Values
CAPEC-13: Subverting Environment Variable Values
The adversary directly or indirectly modifies environment variables used by or controlling the target software. The adversary's goal is to cause the target software to deviate from its expected operation in a manner that benefits the adversary.
Execution Flow:
Step 1 [Explore]: [Probe target application] The adversary first probes the target application to determine important information about the target. This information could include types software used, software versions, what user input the application consumes, and so on. Most importantly, the adversary tries to determine what environment variables might be used by the underlying software, or even the application itself.
Step 2 [Experiment]: [Find user-controlled environment variables
1995-10-13
Published