ID

VAR-199606-0003


CVE

CVE-1999-0138


TITLE

suidperl and sperl Security hole

Trust: 0.6

sources: CNNVD: CNNVD-199606-003

DESCRIPTION

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access. HP-UX is prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to gain root privileges

Trust: 1.26

sources: NVD: CVE-1999-0138 // BID: 77730 // VULHUB: VHN-138

AFFECTED PRODUCTS

vendor:applemodel:a uxscope:eqversion:3.1.1

Trust: 1.6

vendor:linuxmodel:kernelscope:eqversion:2.0

Trust: 1.3

vendor:ibmmodel:aixscope:eqversion:3.2.5

Trust: 1.3

vendor:freebsdmodel:freebsdscope:eqversion:2.0.5

Trust: 1.3

vendor:freebsdmodel:freebsdscope:eqversion:2.0

Trust: 1.3

vendor:ibmmodel:aixscope:eqversion:4

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:1.2.0

Trust: 1.0

vendor:necmodel:ews-ux vscope:eqversion:4.2mp

Trust: 1.0

vendor:necmodel:up-ux vscope:eqversion:4.2mp

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:8

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:10

Trust: 1.0

vendor:digitalmodel:osf 1scope:eqversion:1.3

Trust: 1.0

vendor:freebsdmodel:freebsdscope:eqversion:2.1.0

Trust: 1.0

vendor:necmodel:ews-ux vscope:eqversion:4.2

Trust: 1.0

vendor:necmodel:asl ux 4800scope:eqversion:*

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:9

Trust: 1.0

vendor:necmodel:up-ux/vscope: - version: -

Trust: 0.3

vendor:necmodel:ews-ux 4.2mpscope:eqversion:v

Trust: 0.3

vendor:necmodel:ews-uxscope:eqversion:v4.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:4.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.1

Trust: 0.3

vendor:dpecmodel:osfscope:eqversion:11.3

Trust: 0.3

vendor:applemodel:a/uxscope:eqversion:3.1.1

Trust: 0.3

sources: BID: 77730 // CNNVD: CNNVD-199606-003 // NVD: CVE-1999-0138

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-0138
value: HIGH

Trust: 1.0

CNNVD: CNNVD-199606-003
value: HIGH

Trust: 0.6

VULHUB: VHN-138
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-1999-0138
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-138
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-138 // CNNVD: CNNVD-199606-003 // NVD: CVE-1999-0138

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-0138

THREAT TYPE

local

Trust: 0.9

sources: BID: 77730 // CNNVD: CNNVD-199606-003

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199606-003

EXTERNAL IDS

db:NVDid:CVE-1999-0138

Trust: 2.0

db:CNNVDid:CNNVD-199606-003

Trust: 0.7

db:BIDid:77730

Trust: 0.4

db:VULHUBid:VHN-138

Trust: 0.1

sources: VULHUB: VHN-138 // BID: 77730 // CNNVD: CNNVD-199606-003 // NVD: CVE-1999-0138

REFERENCES

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/cve-1999-0138

Trust: 1.7

url:http://www.hp.com/products1/unix/

Trust: 0.3

url: -

Trust: 0.1

sources: VULHUB: VHN-138 // BID: 77730 // CNNVD: CNNVD-199606-003 // NVD: CVE-1999-0138

CREDITS

Unknown

Trust: 0.3

sources: BID: 77730

SOURCES

db:VULHUBid:VHN-138
db:BIDid:77730
db:CNNVDid:CNNVD-199606-003
db:NVDid:CVE-1999-0138

LAST UPDATE DATE

2024-08-14T15:36:17.981000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-138date:2008-09-09T00:00:00
db:BIDid:77730date:1996-06-26T00:00:00
db:CNNVDid:CNNVD-199606-003date:2022-08-18T00:00:00
db:NVDid:CVE-1999-0138date:2022-08-17T07:15:11.853

SOURCES RELEASE DATE

db:VULHUBid:VHN-138date:1996-06-26T00:00:00
db:BIDid:77730date:1996-06-26T00:00:00
db:CNNVDid:CNNVD-199606-003date:1996-06-26T00:00:00
db:NVDid:CVE-1999-0138date:1996-06-26T04:00:00