CVE-1999-1468

Properties

Published:
21.10.1991
Updated:
02.05.2005
Patch available:
Severity:
High
CVSS vector:
(AV:L/AC:L/Au:NR/C:C/I:C/A:C/B:N) Approximated
Product:
Sun: SunOS
Sun: SunOS
Sun: SunOS
Sun: SunOS
Sun: SunOS

Vulnerability description

rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.

References:

Unix: http://www.unix.geek.org.uk/~arny/www.8lgm.org/1.UNIX.rdist.23-Apr-1991
CERT: http://www.cert.org/advisories/CA-91.20.rdist.vulnerability
Security Focus: http://www.securityfocus.com/bid/31
MISC: http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html