CVE-1999-0138

3 documents3 sources

Severity

7.2HIGH

EPSS

0.1%

top 77.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple A UX Digital OSF 1 Freebsd Freebsd +5 more

Timeline

PublishedJun 26

Latest updateApr 30

Description

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages7 packages

▶NVDibm/aix3.2.5, 4+1

▶NVDhp/hp-ux10, 8, 9+2

▶NVDapple/a_ux3.1.1

▶NVDnec/up-ux_v4.2mp

▶NVDnec/ews-ux_v4.2, 4.2mp+1

Also affects: Freebsd 2.0, 2.0.5, 2.1.0

🔴Vulnerability Details

GHSA

GHSA-785w-f5m3-3g56: The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access↗2022-04-30

▶

CVEList

CVE-1999-0138: The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access↗1999-09-29

▶