← back
CVE-1999-1405

CVE-1999-1405

EPSS 3.3%
snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/19300unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=91936783009385&w=2http://marc.info/?l=bugtraq&m=91954824614013&w=2http://www.securityfocus.com/bid/375