First published: Sat Apr 26 1997(Updated: )
Buffer overflow in xlock program allows local users to execute commands as root.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Data General DG/UX | =3.0 | |
SGI IRIX | =6.0.1 | |
SGI IRIX | =5.3 | |
SGI IRIX | =6.0.1 | |
Data General DG/UX | =5.0 | |
SGI IRIX | =6.1 | |
Data General DG/UX | =1.0 | |
SGI IRIX | =5.0.1 | |
Data General DG/UX | =4.0 | |
SGI IRIX | =5.1.1 | |
Data General DG/UX | =2.0 | |
SGI IRIX | =6.4 | |
SGI IRIX | =5.0 | |
SGI IRIX | =5.1 | |
Data General DG/UX | =6.0 | |
SGI IRIX | =5.2 | |
Data General DG/UX | =7.0 | |
SGI IRIX | =6.0 | |
SGI IRIX | =6.3 | |
SGI IRIX | =5.3 | |
Sun SunOS | =5.3 | |
HPE HP-UX | =10.30 | |
Debian | =0.93 | |
HPE HP-UX | =10.01 | |
Oracle Solaris and Zettabyte File System (ZFS) | =2.4 | |
HPE HP-UX | =10.00 | |
Oracle Solaris and Zettabyte File System (ZFS) | =2.5.1 | |
Oracle Solaris and Zettabyte File System (ZFS) | =2.5.1 | |
Oracle Solaris and Zettabyte File System (ZFS) | =2.5 | |
IBM AIX | =4.2 | |
Debian | =1.3 | |
HPE HP-UX | =10.34 | |
Sun SunOS | =5.5 | |
Debian | =1.2 | |
Debian | =1.1 | |
BSDI BSD/OS | =2.1 | |
HPE HP-UX | =10.24 | |
Sun SunOS | =5.4 | |
HPE HP-UX | =10.08 | |
Sun SunOS | =5.5.1 | |
HPE HP-UX | =10.20 | |
IBM AIX | =4.1 | |
IBM AIX | =3.2 | |
HPE HP-UX | =10.10 | |
HPE HP-UX | =10.16 | |
Debian Linux | =0.93 | |
Debian Linux | =1.1 | |
Debian Linux | =1.2 | |
Debian Linux | =1.3 | |
SunOS | =5.3 | |
SunOS | =5.4 | |
SunOS | =5.5 | |
SunOS | =5.5.1 | |
=1.0 | ||
=2.0 | ||
=3.0 | ||
=4.0 | ||
=5.0 | ||
=6.0 | ||
=7.0 | ||
=5.0 | ||
=5.0.1 | ||
=5.1 | ||
=5.1.1 | ||
=5.2 | ||
=5.3 | ||
=5.3 | ||
=6.0 | ||
=6.0.1 | ||
=6.0.1 | ||
=6.1 | ||
=6.3 | ||
=6.4 | ||
=2.1 | ||
=0.93 | ||
=1.1 | ||
=1.2 | ||
=1.3 | ||
=10.00 | ||
=10.01 | ||
=10.08 | ||
=10.10 | ||
=10.16 | ||
=10.20 | ||
=10.24 | ||
=10.30 | ||
=10.34 | ||
=3.2 | ||
=4.1 | ||
=4.2 | ||
=2.4 | ||
=2.5 | ||
=2.5.1 | ||
=2.5.1 | ||
=5.3 | ||
=5.4 | ||
=5.5 | ||
=5.5.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-1999-0038 is considered high due to the potential for local users to execute arbitrary commands as root.
Fixing CVE-1999-0038 involves updating the xlock program to a version that does not contain this buffer overflow vulnerability.
CVE-1999-0038 affects various versions of Data General DG/UX, SGI IRIX, Debian GNU/Linux, HPE HP-UX, IBM AIX, and Oracle Solaris.
CVE-1999-0038 can be exploited by local users with access to the affected systems.
Yes, there are patches available for CVE-1999-0038, typically found with software updates for the affected systems.