CVE-ID

CVE-1999-0381

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
MITRE Corporation
Date Record Created
19990607 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (19990726)
Votes (Legacy)
ACCEPT(7) Baker, Blake, Cole, Frech, Landfield, Levy, Ozancin
MODIFY(1) Bishop
NOOP(2) Armstrong, Wall
REVIEWING(1) Christey
Comments (Legacy)
 Christey> Is this the same as CVE-1999-0373?  They both have the same
   X-Force reference.
   
   BID:342 suggests that there are two.
   
   http://www.debian.org/security/1999/19990215a suggests
   that there are two.  However, CVE-1999-0373 is written up in
   a fashion that is too general; and both XF:linux-super-bo and
   XF:linux-super-logging-bo refer to CVE-1999-0373.
   CVE-1999-0373 may need to be split.
   
 Frech> From what I can surmise, ISS released the original advisory (attached to
   linux-super-bo), and Sekure SDI expanded on it by releasing another related
   overflow in syslog (which is linux-super-logging-bo).
   
   When I was originally assigning these issues, I placed both XF references
   and the ISS advisory on the -0373 candidate, since there was nothing else
   available. Based on the information above, I'd request that
   XF:linux-super-logging-bo be removed from CVE-1999-0373.
 Christey> Given Andre's feedback, these are different issues.
   CVE-1999-0373 does not need to be split because the ISS
   reference is sufficient to distinguish that CVE from this
   candidate; however, the CVE-1999-0373 description should
   probably be modified slightly.
 Bishop> (as indicated by Christey)
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 CHANGE> [Christey changed vote from NOOP to REVIEWING]
 Christey> There are 2 bugs, as confirmed by the super author at:
   BUGTRAQ:19990226 Buffer Overflow in Super (new)
   http://www.securityfocus.com/archive/1/12713
   BID:397 also seems to cover this one, and it may cover
   CVE-1999-0373 as well.

Proposed (Legacy)
19990726
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.