CVE-1999-0038: Buffer Overflow
First published: Sat Apr 26 1997(Updated: )
Buffer overflow in xlock program allows local users to execute commands as root.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Data General DG/UX | =1.0 | |
| Data General DG/UX | =2.0 | |
| Data General DG/UX | =3.0 | |
| Data General DG/UX | =4.0 | |
| Data General DG/UX | =5.0 | |
| Data General DG/UX | =6.0 | |
| Data General DG/UX | =7.0 | |
| SGI IRIX | =5.0 | |
| SGI IRIX | =5.0.1 | |
| SGI IRIX | =5.1 | |
| SGI IRIX | =5.1.1 | |
| SGI IRIX | =5.2 | |
| SGI IRIX | =5.3 | |
| SGI IRIX | =5.3 | |
| SGI IRIX | =6.0 | |
| SGI IRIX | =6.0.1 | |
| SGI IRIX | =6.0.1 | |
| SGI IRIX | =6.1 | |
| SGI IRIX | =6.3 | |
| SGI IRIX | =6.4 | |
| BSDI BSD/OS | =2.1 | |
| Debian | =0.93 | |
| Debian | =1.1 | |
| Debian | =1.2 | |
| Debian | =1.3 | |
| HPE HP-UX | =10.00 | |
| HPE HP-UX | =10.01 | |
| HPE HP-UX | =10.08 | |
| HPE HP-UX | =10.10 | |
| HPE HP-UX | =10.16 | |
| HPE HP-UX | =10.20 | |
| HPE HP-UX | =10.24 | |
| HPE HP-UX | =10.30 | |
| HPE HP-UX | =10.34 | |
| IBM AIX | =3.2 | |
| IBM AIX | =4.1 | |
| IBM AIX | =4.2 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =2.4 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =2.5 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =2.5.1 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =2.5.1 | |
| Sun SunOS | =5.3 | |
| Sun SunOS | =5.4 | |
| Sun SunOS | =5.5 | |
| Sun SunOS | =5.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-1999-0038?
The severity of CVE-1999-0038 is considered high due to the potential for local users to execute arbitrary commands as root.
How do I fix CVE-1999-0038?
Fixing CVE-1999-0038 involves updating the xlock program to a version that does not contain this buffer overflow vulnerability.
What systems are affected by CVE-1999-0038?
CVE-1999-0038 affects various versions of Data General DG/UX, SGI IRIX, Debian GNU/Linux, HPE HP-UX, IBM AIX, and Oracle Solaris.
Who can exploit CVE-1999-0038?
CVE-1999-0038 can be exploited by local users with access to the affected systems.
Is there a patch available for CVE-1999-0038?
Yes, there are patches available for CVE-1999-0038, typically found with software updates for the affected systems.
- agent/type
- agent/first-publish-date
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/data general
- canonical/data general dg/ux
- version/data general dg/ux/1.0
- version/data general dg/ux/2.0
- version/data general dg/ux/3.0
- version/data general dg/ux/4.0
- version/data general dg/ux/5.0
- version/data general dg/ux/6.0
- version/data general dg/ux/7.0
- vendor/sgi
- canonical/sgi irix
- version/sgi irix/5.0
- version/sgi irix/5.0.1
- version/sgi irix/5.1
- version/sgi irix/5.1.1
- version/sgi irix/5.2
- version/sgi irix/5.3
- version/sgi irix/6.0
- version/sgi irix/6.0.1
- version/sgi irix/6.1
- version/sgi irix/6.3
- version/sgi irix/6.4
- vendor/bsdi
- canonical/bsdi bsd/os
- version/bsdi bsd/os/2.1
- vendor/debian
- canonical/debian
- version/debian/0.93
- version/debian/1.1
- version/debian/1.2
- version/debian/1.3
- vendor/hp
- canonical/hpe hp-ux
- version/hpe hp-ux/10.00
- version/hpe hp-ux/10.01
- version/hpe hp-ux/10.08
- version/hpe hp-ux/10.10
- version/hpe hp-ux/10.16
- version/hpe hp-ux/10.20
- version/hpe hp-ux/10.24
- version/hpe hp-ux/10.30
- version/hpe hp-ux/10.34
- vendor/ibm
- canonical/ibm aix
- version/ibm aix/3.2
- version/ibm aix/4.1
- version/ibm aix/4.2
- vendor/sun
- canonical/oracle solaris and zettabyte file system (zfs)
- version/oracle solaris and zettabyte file system (zfs)/2.4
- version/oracle solaris and zettabyte file system (zfs)/2.5
- version/oracle solaris and zettabyte file system (zfs)/2.5.1
- canonical/sun sunos
- version/sun sunos/5.3
- version/sun sunos/5.4
- version/sun sunos/5.5
- version/sun sunos/5.5.1