CVE-ID

CVE-1999-0114

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Local users can execute commands as other users, and read other users' files, through the filter command in the Elm elm-2.4 mail package using a symlink attack.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
MITRE Corporation
Date Record Created
19990607 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20000106)
Votes (Legacy)
ACCEPT(7) Armstrong, Bishop, Blake, Cole, Landfield, Shostack, Wall
MODIFY(2) Baker, Frech
NOOP(3) Christey, Northcutt, Ozancin
REVIEWING(1) Levy
Comments (Legacy)
 Frech> XF:elm-filter2
 CHANGE> [Wall changed vote from NOOP to ACCEPT]
 Landfield> with Frech modifications
 Baker> ADD REF http://www.cert.org/ftp/cert_bulletins/VB-95:10a.elm	Official Advisory
 Christey> The correct URL is http://www.cert.org/vendor_bulletins/VB-95:10a.elm
   Need to make sure that this CERT advisory describes the right
   problem, especially since the CERT advisory is dated December
   18, 1995 and the original Bugtraq post was December 26, 1995.
 Christey> BID:1802
   URL:http://www.securityfocus.com/bid/1802
   BID:1802 doesn't include the 1999 posting - does Security
   Focus think that the 1999 post describes a different
   vulnerability?
 Christey> XF:elm-filter2 isn't on the X-Force web site.  How about XF:elm-filter(402) ?
   Its references point to the December 26, 1995 BUgtraq post.
   
   Also consider CIAC:G-36 and CERT:VB-95:10
 Frech> DELREF:XF:elm-filter2(711)
   ADDREF:XF:elm-filter(402)

Proposed (Legacy)
19990714
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.