CVE - CVE-1999-0114

CVE-ID
CVE-1999-0114	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Local users can execute commands as other users, and read other users' files, through the filter command in the Elm elm-2.4 mail package using a symlink attack.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:19951226 filter (elm package) security hole BUGTRAQ:19990912 elm filter program MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0114 XF:elm-filter2
Assigning CNA
MITRE Corporation
Date Record Created
19990607	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20000106)
Votes (Legacy)
ACCEPT(7) Armstrong, Bishop, Blake, Cole, Landfield, Shostack, Wall MODIFY(2) Baker, Frech NOOP(3) Christey, Northcutt, Ozancin REVIEWING(1) Levy
Comments (Legacy)
Frech> XF:elm-filter2 CHANGE> [Wall changed vote from NOOP to ACCEPT] Landfield> with Frech modifications Baker> ADD REF http://www.cert.org/ftp/cert_bulletins/VB-95:10a.elm Official Advisory Christey> The correct URL is http://www.cert.org/vendor_bulletins/VB-95:10a.elm Need to make sure that this CERT advisory describes the right problem, especially since the CERT advisory is dated December 18, 1995 and the original Bugtraq post was December 26, 1995. Christey> BID:1802 URL:http://www.securityfocus.com/bid/1802 BID:1802 doesn't include the 1999 posting - does Security Focus think that the 1999 post describes a different vulnerability? Christey> XF:elm-filter2 isn't on the X-Force web site. How about XF:elm-filter(402) ? Its references point to the December 26, 1995 BUgtraq post. Also consider CIAC:G-36 and CERT:VB-95:10 Frech> DELREF:XF:elm-filter2(711) ADDREF:XF:elm-filter(402)
Proposed (Legacy)
19990714
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)