CVE-ID

CVE-1999-0949

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
MITRE Corporation
Date Record Created
19991208 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (19991222)
Votes (Legacy)
ACCEPT(2) Levy, Stracener
MODIFY(1) Frech
NOOP(2) Baker, Christey
Comments (Legacy)
 Christey> CVE-1999-0948 and CVE-1999-0949 are extremely similar.
   uum (0948) is exploitable through a different set of options
   than canuum (0949).  If it's the same generic option parsing
   routine used by both programs, then CD:SF-CODEBASE says to
   merge them.  But if it's not, then CD:SF-LOC and CD:SF-EXEC
   says to split them.  However, this is a prime example of
   how SF-EXEC might be modified - uum and canuum are clearly
   part of the same package, so in the absence of clear
   information, maybe we should merge them.
   
   Also review BID:758 and BID:757 - may need to change the BID
   here.
 Frech> XF:canna-uum-bo
 Christey> CHANGEREF BID:757 BID:758
 Christey> The following page says that canuum is a "Japanese input tty
   frontend for Canna using uum," which suggests that it is, at
   the least, a different package, so perhaps this should stay SPLIT.
   
   http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/pkgsrc/inputmethod/canuum/README.html

Proposed (Legacy)
19991222
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.