Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-1409 — Netbsd vulnerability

4 documents4 sources

Severity

2.1LOWNVD

EPSS

0.6%

top 30.66%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Netbsd SGI Irix

Timeline

PublishedJul 3

Latest updateMay 3

Description

The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDnetbsd/netbsd1.3.2+6

▶NVDsgi/irix4 versions+3

Patches

Patch: www.securityfocus.com ↗Patch: www.shmoo.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-2j9c-282f-c92w: The at program in IRIX 6↗2022-05-03

▶

CVEList

CVE-1999-1409: The at program in IRIX 6↗2002-03-09

▶

💥Exploits & PoCs

Exploit-DB

NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Read File↗1998-06-27

▶