CVE - CVE-1999-1286

CVE-ID
CVE-1999-1286	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
addnetpr in SGI IRIX 6.2 and earlier allows local users to modify arbitrary files and possibly gain root access via a symlink attack on a temporary file.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:330 URL:http://www.securityfocus.com/bid/330 BUGTRAQ:19970509 Re: Irix: misc URL:http://marc.info/?l=bugtraq&m=87602167420927&w=2 MISC:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX OSVDB:8560 URL:~~http://www.osvdb.org/8560~~ (Obsolete source) XF:irix-addnetpr(1433) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1433
Assigning CNA
MITRE Corporation
Date Record Created
20010831	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20060623)
Votes (Legacy)
ACCEPT(1) Frech NOOP(3) Christey, Cole, Foat
Comments (Legacy)
Christey> CHANGE DESC: "via a symlink attack on the printers temporary file." Add 5.3 as another affected version. MISC:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX SGI:19961203-02-PX may solve this problem, but the advisory is so vague that it is uncertain whether this was fixed or not. addnetpr is not specifically named in the advisory, which names netprint, which is not specified in the original Bugtraq post. In addition, the date on the advisory is one day earlier than that of the Bugtraq post, though that could be a difference in time zones. It seems plausible that the problem had already been patched (the researcher did say "There was [a] race condition") so maybe SGI released this advisory after the problem was publicized. ADDREF BID:330 URL:http://www.securityfocus.com/bid/330 Note: this is a dupe of CVE-1999-1410, but CVE-1999-1410 will be rejected in favor of CVE-1999-1286.
Proposed (Legacy)
20010912
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)