CVE-1999-1095
First published: Mon Oct 06 1997(Updated: )
sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Linux | =4.1 | |
| Slackware Linux | =3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-1999-1095?
CVE-1999-1095 is classified with a moderate severity level due to potential unauthorized access to sensitive files.
How do I fix CVE-1999-1095?
To remediate CVE-1999-1095, ensure that the sort command does not follow symbolic links when creating temporary files.
What versions of software are affected by CVE-1999-1095?
CVE-1999-1095 affects Red Hat Linux version 4.1 and Slackware version 3.3.
Who can exploit CVE-1999-1095?
Local users with access to the sort command can exploit CVE-1999-1095 to modify arbitrary writable files.
What are the implications of CVE-1999-1095?
The implications of CVE-1999-1095 include the potential for local users to manipulate files in a manner that could compromise system integrity.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/last-modified-date
- agent/author
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/redhat
- canonical/red hat linux
- version/red hat linux/4.1
- vendor/slackware
- canonical/slackware linux
- version/slackware linux/3.3